 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / New Users / February 2004Process Creation Listener
I know that you can use WMI to detect when new processes are created...and that you use the System.Management namespace. Is there any way to do this without going through the "overhead" of WMI? Can this be gotten by using the System.Diagnostics.Performance... classes? I suppose that you could use the System.Diagnostics.PerformanceCounter class to monitor the Process counter and poll the processes that are there every so often to see if they have changed on a thread. Doesn't sound like it would be more efficient, but I haven't compared the two. If you write it, let us know how they faired. Mitch Ruebush Microsoft Regional Director - http://www.microsoftregionaldirectors.com Visual Developer - .NET MVP - http://mvp.support.microsoft.com/ Architect | Evangelist | Teacher Online Consulting, Inc. - http://www.onlc.com MCSD, MCAD, MCDBA, MCSE, MCT > I know that you can use WMI to detect when new processes are created...and > that you use the System.Management namespace. > Is there any way to do this without going through the "overhead" of WMI? > Can this be gotten by using the System.Diagnostics.Performance... classes? Does WMI use a polling technique? Is there anyway to "hook" the CreateProcess call? Is there anyway to get an event when a performance counter changes value? > I suppose that you could use the System.Diagnostics.PerformanceCounter class > to monitor the Process counter and poll the processes that are there every [quoted text clipped - 14 lines] > > Is there any way to do this without going through the "overhead" of WMI? > > Can this be gotten by using the System.Diagnostics.Performance... classes? I see if anybody else knows of a better way, but WMI is not all that slow and that is the only way that I know to register for events. These are accessed through a System.Management.WQLEventQuery that is associated with a System.Management.ManagementEventWatcher Counters are just values, very lightweight, WMI is the infrastructure that does what you are asking, creating the ability to attach events to the counters. You could write your own process factory and make you own event for creating processes and then launch the Process using the System.Diagnostics.Process object, but that would only work on your program's processes. Otherwise Windows launches the processes and I don't think there is an event in the Win32 api, I will look later though... The examples I have seen all use some kind of polling to do this (for example creating a simple Task Manager and being able to update the process list, this is done on threads). Mitch > Does WMI use a polling technique? > Is there anyway to "hook" the CreateProcess call? [quoted text clipped - 22 lines] > > > Can this be gotten by using the System.Diagnostics.Performance... > classes? The "WMI Kernel Trace Event Provider" (XP and higher) is a high performance provider exposing Win32_ProcessStartTrace, Win32_ProcessStopTrace, Win32_ThreaStartTrace, Win32_ThreadStopTrace events is superfast and provides a new scope for monitoring process related resources. Willy. > Does WMI use a polling technique? > Is there anyway to "hook" the CreateProcess call? [quoted text clipped - 24 lines] >> > Can this be gotten by using the System.Diagnostics.Performance... > classes? Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.