How to monitor process/program execution in Windows?
The easiest way is to use WMI. Specifically, monitor Win32_ProcessStartTrace. This is better than Win32_Process because it is set up to use events, whereas Win32_Process requires polling, which is more CPU intensive. Below is how to do it in C#. First make sure that System.Management is set up as a reference for your project.
    using System.Management;
    using System.Windows.Forms;

    public partial class Form1 : Form
    {
        public ManagementEventWatcher mgmtWtch;

        public Form1()
        {
            InitializeComponent();
            // Subscribe to process-start events instead of polling Win32_Process.
            mgmtWtch = new ManagementEventWatcher("Select * From Win32_ProcessStartTrace");
            mgmtWtch.EventArrived += new EventArrivedEventHandler(mgmtWtch_EventArrived);
            mgmtWtch.Start();
        }

        // Called once for every process start event.
        void mgmtWtch_EventArrived(object sender, EventArrivedEventArgs e)
        {
            MessageBox.Show((string)e.NewEvent["ProcessName"]);
        }

        // Stop the watcher when the form closes.
        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            mgmtWtch.Stop();
        }
    }
The code will generate a message box every time you launch a new process. From there you can check a whitelist/blacklist and act appropriately.
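An added example, not part of the answer above: a console version of the same watcher that performs the list check the answer mentions. The allowlist entries and the class and method names are assumptions for illustration. It resolves the full image path because the event's ProcessName is only a file name, and it must run elevated to subscribe to Win32_ProcessStartTrace.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Management; // add a project reference to System.Management

static class ProcessStartMonitor
{
    // Constructed sample policy: full image paths that are expected on this host.
    static readonly HashSet<string> AllowedPaths =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        @"C:\Windows\System32\notepad.exe",
        @"C:\Windows\System32\cmd.exe",
    };

    // Decide on the full path; a bare file name is trivially renamed.
    static string Classify(string path) =>
        path == null ? "UNRESOLVED" : AllowedPaths.Contains(path) ? "ALLOWED" : "NOT-LISTED";

    // Short-lived or protected processes can fail here, so failure is a result, not a crash.
    static string TryGetPath(int pid)
    {
        try { using (var p = Process.GetProcessById(pid)) return p.MainModule.FileName; }
        catch (Exception) { return null; }
    }

    static void OnStart(object sender, EventArrivedEventArgs e)
    {
        string name = (string)e.NewEvent["ProcessName"];
        int pid = Convert.ToInt32(e.NewEvent["ProcessID"]);
        int ppid = Convert.ToInt32(e.NewEvent["ParentProcessID"]);
        string path = TryGetPath(pid);
        Console.WriteLine("{0:o} {1} pid={2} ppid={3} name={4} path={5}",
            DateTime.UtcNow, Classify(path), pid, ppid, name, path ?? "(unresolved)");
    }

    static void Main()
    {
        using (var watcher = new ManagementEventWatcher("SELECT * FROM Win32_ProcessStartTrace"))
        {
            watcher.EventArrived += OnStart;
            watcher.Start();
            Console.WriteLine("Watching process starts; press Enter to stop.");
            Console.ReadLine();
            watcher.Stop();
        }
    }
}
```

UNRESOLVED lines are worth keeping in the log: a process that exits before its path can be read is itself a signal to review alongside the parent PID.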
I haven't tried getting real-time notification. However, here is how to get running processes in C#:
    using System.Diagnostics;

    // Somewhere in your method
    Process[] runningList = Process.GetProcesses();
    foreach (Process p in runningList)
    {
        Console.WriteLine("Process: {0} ID: {1}", p.ProcessName, p.Id);
    }
You can also use the following props of a process:
- StartTime - Shows the time the process started
- TotalProcessorTime - Shows the amount of CPU time the process has taken
- Threads - gives access to the collection of threads in the process
I would check out the Win32 API SetWindowsHookEx with the constant WH_GETMESSAGE to add a callback to your program when a new window is being created.
http://pinvoke.net/default.aspx/user32.SetWindowsHookEx
Google that API and WH_GETMESSAGE to find out more.
Also check out the following articles/code libraries: http://www.vbaccelerator.com/home/Vb/Code/Libraries/Hooks/vbAccelerator_Hook_Library/article.asp