[Repost] Process start
I want to know when ANY new process is started and I want to get the path of the file that ran the process (and the name of the process as well)
6 Replies
it's possible?
Only thing that comes to mind is maybe WMI
One thing for sure, is you'd have to
DLLImport some stuff, and maybe even straight pinvoke and all that jazz
No easy way
If anyan inefficient method would be to poll your processes list at certain intervals and detect new processes in the list. then get the executable assembly information from there. I wouldn't recommend this approach though. wouldn't help very much with microprocesses.
Unknown User•3y ago
Message Not Public
Sign In & Join Server To View
ok
Scanning the list of running processes periodically is going to be quite unreliable as you could certainly miss processes starting and exiting between your checks.
This post shows one way to do this with WMI (you need to generate the C# class for the process object, there is a comment showing how to do it)
https://weblogs.asp.net/whaggard/438006
WMI generally doesn't have great performance although maybe it is fine for your purpose.
Another option would be to write a kernel mode driver and using something like PsSetCreateProcessNotifyRoutine, but writing your own driver is kind of getting into advanced territory and is not C# so maybe not a good answer here.