Ejemplo n.º 1
0
 /// <summary>
 ///     Creates the Warden service which monitors processes on the computer.
 /// </summary>
 /// <param name="options"></param>
 public static void Initialize(WardenOptions options)
 {
     if (!Api.IsAdmin())
     {
         throw new WardenManageException(Resources.Exception_No_Admin);
     }
     Options = options ?? throw new WardenManageException(Resources.Exception_No_Options);
     try
     {
         ShutdownUtils.RegisterEvents();
         var wmiOptions = new ConnectionOptions()
         {
             Authentication   = AuthenticationLevel.Default,
             EnablePrivileges = true,
             Impersonation    = ImpersonationLevel.Impersonate
         };
         var scope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", Environment.MachineName), wmiOptions);
         scope.Connect();
         _processStartEvent =
             new ManagementEventWatcher(scope, new WqlEventQuery {
             EventClassName = "Win32_ProcessStartTrace"
         });
         _processStopEvent =
             new ManagementEventWatcher(scope, new WqlEventQuery {
             EventClassName = "Win32_ProcessStopTrace"
         });
         _processStartEvent.EventArrived += ProcessStarted;
         _processStopEvent.EventArrived  += ProcessStopped;
         _processStartEvent.Start();
         _processStopEvent.Start();
         Initialized = true;
         Logger?.Debug("Initialized");
     }
     catch (Exception ex)
     {
         throw new WardenException(ex.Message, ex);
     }
 }
Ejemplo n.º 2
0
 /// <summary>
 ///     Fired when a process dies.
 /// </summary>
 /// <param name="sender"></param>
 /// <param name="e"></param>
 private static void ProcessStopped(object sender, EventArrivedEventArgs e)
 {
     try
     {
         var targetInstance = (ManagementBaseObject)e.NewEvent["TargetInstance"];
         var processId      = int.Parse(targetInstance["ProcessId"].ToString());
         targetInstance.Dispose();
         e.NewEvent.Dispose();
         try
         {
             HandleStoppedProcess(processId);
             Logger?.Debug($"{processId} stopped");
         }
         catch (Exception ex)
         {
             Logger?.Error(ex.ToString());
         }
     }
     catch (Exception ex)
     {
         Logger?.Error(ex.ToString());
     }
 }