public static void Run()
        {
            // Create event query to be notified within 1 second of
            // a new process being created
            WqlEventQuery query =
                new WqlEventQuery("__InstanceCreationEvent",
                new TimeSpan(0, 0, 1),
                "TargetInstance isa \"Win32_Process\"");

            // Initialize an event watcher and subscribe to events
            // that match this query
            ManagementEventWatcher watcher =
                new ManagementEventWatcher(query);
            // times out watcher.WaitForNextEvent in 5 seconds
            watcher.Options.Timeout = new TimeSpan(0, 0, 5);

            // Block until the next event occurs
            // Note: this can be done in a loop if waiting for
            //        more than one occurrence
            Console.WriteLine(
              "Open an application (notepad.exe) to trigger an event.");
            ManagementBaseObject e = watcher.WaitForNextEvent();
            log.Debug(e.GetText(TextFormat.Mof ));
            ManagementBaseObject target = (ManagementBaseObject)e["TargetInstance"];
            Object targetName = target["Name"];
            Object targetPath = target["ExecutablePath"];
            //Display information from the event
            log.Info(
                "Process {0} has been created, path is: " + targetName + ", " + targetPath);

            //Cancel the subscription
            watcher.Stop();
        }
Esempio n. 2
0
 public static void WatchDrives(Action handler)
 {
     using (var watcher = new ManagementEventWatcher())
     {
         WqlEventQuery query = new WqlEventQuery("SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2");
         watcher.EventArrived += (e, sender) => handler();
         watcher.Query = query;
         watcher.Start();
         watcher.WaitForNextEvent();
     }
 }
        static void Main(string[] args)
        {
            string dirToWatch = "C:\\\\SSIS\\\\Files\\\\Tyson\\\\BI\\\\Incoming\\\\";
            string dirDest = "\\\\\\\\whqwssissb02\\\\SSIS\\\\Files\\\\Tyson\\\\BI\\\\Incoming\\\\";
            string dirLog = "C:\\\\SSIS\\\\Files\\\\Tyson\\\\BI\\\\";
            string logFileName = "SSISIncomingDirectoryWatcher.log";
            string drive = Regex.Replace(dirToWatch, @"(.*:).*", "$1");
            string path = Regex.Replace(dirToWatch, @".*:(.*)", "$1");
            FileInfo file;
            TextWriter tw = File.CreateText(dirLog + logFileName);

            // Create a query to be notified within 1 second of a file creation
            WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance isa \"CIM_DataFile\" AND "
                                                                                                    + "TargetInstance.Drive=\"" + drive + "\" AND "
                                                                                                    + "TargetInstance.Path=\"" + path + "\"");

            // Initialize an event watcher and subscribe to events that match this query
            ManagementEventWatcher watcher = new ManagementEventWatcher(query);

            // Block until the next event occurs
            ManagementBaseObject e = watcher.WaitForNextEvent();

            string name = (string)((ManagementBaseObject)e["TargetInstance"])["Name"];
            file = new FileInfo(name);
            string destPath = Path.Combine(dirDest, file.Name);
            file.CopyTo(destPath);

            tw.WriteLine("Moved [{0}] to [{1}] at {2}", name, destPath, DateTime.Now);

            //Console.WriteLine("Name: {0}", ((ManagementBaseObject)e["TargetInstance"])["Name"]);
            //Console.WriteLine("FileName: {0}", ((ManagementBaseObject)e["TargetInstance"])["FileName"]);

            // Run this bitch to discover what's available.
            //ManagementBaseObject dataFile = (ManagementBaseObject)e["TargetInstance"];
            //PropertyDataCollection properties = dataFile.Properties;

            //foreach (PropertyData property in properties)
            //{
            //    Console.WriteLine("{0}: {1}", property.Name, property.Value);
            //}

            watcher.Stop();
            tw.Close();

            Console.WriteLine("Press any key to exit...");
            Console.ReadLine();
        }
        public static void Run()
        {
            WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance isa \"Win32_Process\"");

            ManagementEventWatcher watcher = new ManagementEventWatcher();

            watcher.Query = query;

            watcher.Options.Timeout = new TimeSpan(0,0,5);

            Console.WriteLine("Open application (motepad.exe) to trigger an event.");

            ManagementBaseObject e = watcher.WaitForNextEvent();

            Console.WriteLine("Process {0} has been created, path is: {1}",
                ((ManagementBaseObject)e["TargetInstance"])["Name"], ((ManagementBaseObject)e["TargetInstance"])["ExecutablePath"]);

            watcher.Stop();
        }
Esempio n. 5
0
        static void Main(string[] args)
        {
            ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT * FROM Win32_OperatingSystem");
            ManagementObjectCollection queryCollection = searcher.Get();

            foreach (ManagementObject m in queryCollection)
            {
                Console.WriteLine("Computer Name : {0}", m["csname"]);
                Console.WriteLine("Windows Directory : {0}", m["WindowsDirectory"]);
                Console.WriteLine("Operating System: {0}", m["Caption"]);
                Console.WriteLine("Version: {0}", m["Version"]);
                Console.WriteLine("Manufacturer: {0}", m["Manufacturer"]);
            }

            //-----------------------------------------------------------------------------------------
            //Process creation event (waiting for)

            WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance isa \"Win32_Process\"");
            ManagementEventWatcher watcher = new ManagementEventWatcher(query);
            ManagementBaseObject e = watcher.WaitForNextEvent();

            Console.WriteLine("Process {0} has been created, path is: {1}",
                ((ManagementBaseObject)e["TargetInstance"])["Name"],
                ((ManagementBaseObject)e["TargetINstance"])["ExecutablePath"]);

            watcher.Stop();

            //-----------------------------------------------------------------------------------------
            //Responding to WMI Events with an Event Handler

            ManagementEventWatcher mew = null;

            EventReceiver receiver = new EventReceiver();

            mew = GetWatcher(new EventArrivedEventHandler(receiver.OnEventArrived));

            mew.Start();

            Console.ReadKey();

            mew.Stop();
        }
Esempio n. 6
0
        public void ExecuteRemoteProcess(string command)
        {
            Wmi cimv2 = new Wmi(ServerNameSettings, "root\\cimv2");
            ManagementClass objProcess = cimv2.GetWmiClass("Win32_Process");

            // run process
            object[] methodArgs = { command, null, null, 0 };
            objProcess.InvokeMethod("Create", methodArgs);

            // process ID
            int processId = Convert.ToInt32(methodArgs[3]);

            // wait until finished
            // Create event query to be notified within 1 second of 
            // a change in a service
            WqlEventQuery query =
                new WqlEventQuery("__InstanceDeletionEvent",
                new TimeSpan(0, 0, 1),
                "TargetInstance isa \"Win32_Process\"");

            // Initialize an event watcher and subscribe to events 
            // that match this query
            ManagementEventWatcher watcher = new ManagementEventWatcher(cimv2.GetScope(), query);
            // times out watcher.WaitForNextEvent in 20 seconds
            watcher.Options.Timeout = new TimeSpan(0, 0, 20);

            // Block until the next event occurs 
            // Note: this can be done in a loop if waiting for 
            //        more than one occurrence
            while (true)
            {
                ManagementBaseObject e = null;

                try
                {
                    // wait untill next process finish
                    e = watcher.WaitForNextEvent();
                }
                catch
                {
                    // nothing has been finished in timeout period
                    return; // exit
                }

                // check process id
                int pid = Convert.ToInt32(((ManagementBaseObject)e["TargetInstance"])["ProcessID"]);
                if (pid == processId)
                {
                    //Cancel the subscription
                    watcher.Stop();

                    // exit
                    return;
                }
            }
        }
        /// <summary>Runs some command.</summary>
        /// <param name="command">The command to run.</param>
        /// <param name="wmiScope"> The ManagementScope object to connect to. (default=none).</param>
        /// <param name="wait">Command's timeout expiration.</param>
        /// <remarks>IMPORTANT: 'domain/login/password' must have correct priviledges on the CIMV2 path ('Access denied' => see http://msdn.microsoft.com/en-us/library/windows/desktop/aa393613%28v=vs.85%29.aspx )</remarks>
        /// TODO: ?? Replace 'wait' parameter with some cancel callback ??
        public static int Run(string command,
                                ManagementScope wmiScope,
                                double wait = double.PositiveInfinity)
        {
            // We let internal functions check and make defaults
            if (double.IsNaN(wait) || (wait < 0.0)) { throw new ArgumentException("wait range is 1-9999"); }


            // Process survey
            var processId = new[] { (uint)0 };
            var exitCode = 0;
            var arguments = ((command ?? "")).Trim();
            var watcher = (ManagementEventWatcher)null;
            var scope = (ManagementScope)null;

            // Note for the following code by mmcpherson 2014/02/13: 
            // Originally I used the asynchronous implementation of WMI. Unfortunately using asynchronous would cause WMI access denied errors
            // if the source and target computers were not in the same domain!!! I could not find a simple solution for this.
            // 
            // I had to modify the solution so that it is now semi-synchronous, which is a compromise. Using this method prevents the UI
            // thread from freezing, and still allows for some feedback whether a remote process has started or stopped. This is reliant 
            // on that the WMI timeout period is set to wait for long enough of a time.

            try
            {
                // Connecting to WMI scope
                var span = TimeSpan.FromSeconds(0); // TODO: ?? relate to 'wait' or check cancel ??

                // Removing use of wmi scope options for my own built in RemoteConnect
                //scope = connectToWmiScope(machine, domain, username, password, securePassword, span);
                scope = wmiScope;
 
                // Begin process stop watcher
                Func<uint> getProcessId = () => processId[0];
                Action<int> setExitCode = (code) => exitCode = code;
           
                // Create the process
                processId[0] = createProcess(scope, arguments);

                // Create event query to be notified within 1 second of 
                // a change in a service
                WqlEventQuery query =
                    new WqlEventQuery("SELECT * From WIN32_ProcessStopTrace WHERE ProcessID=" + getProcessId());

                // Initialize an event watcher and subscribe to events 
                // that match this query
                watcher =
                    new ManagementEventWatcher(scope, query);
                // times out watcher.WaitForNextEvent in 5 seconds
                watcher.Options.Timeout = new TimeSpan(0, 0, (int)wait);


                // Block until the next event occurs 
                // Note: this can be done in a loop if waiting for 
                //        more than one occurrence 
                ManagementBaseObject e = watcher.WaitForNextEvent();
               
                //Cancel the subscription
                watcher.Stop();
                return exitCode;


  /*
   * // TODO: THe following can be implemented for detecting timeouts & restarted servers to prevent issues with timeout exceptions
   * http://stackoverflow.com/questions/12159989/asynchronous-wmi-event-handling-in-net
            ManagementEventWatcher w = new ManagementEventWatcher(managementScope, new WqlEventQuery("select * from Win32_ProcessStopTrace where ProcessId=" + ProcessId));
            w.Options.Timeout = new TimeSpan(0, 0, 0, 0, 1);
            DateTime start = DateTime.Now;
            while (Status == StatusNotStarted) //default status(just strings)
            {
                try
                {
                    var ev = w.WaitForNextEvent();
                    ReturnCode = (uint)ev.Properties["ExitStatus"].Value;
                    Status = (ReturnCode == 0) ? StatusOk : StatusFailed;
                }
                catch (ManagementException ex)
                {
                    if (!ex.Message.Contains("Timed out"))
                        throw ex;
                    try
                    {
                        Ping p = new Ping();
                        PingReply reply = p.Send(MachineIP);
                        if (reply.Status != IPStatus.Success)
                            Status = StatusFailed;
                        else
                        {
                            DateTime end = DateTime.Now;
                            TimeSpan duration = end - start;
                            if (duration.TotalMilliseconds > Timeout)
                            {
                                Status = StatusFailed;
                            }
                        }
                    }
   */
            }
 
        
            catch (Exception ex)
            {

                var msg = dumpRunArguments(command, wait);
                msg = string.Format("Command execution failed:\n{0}", msg);

                if (Log.WriteLog != null)
                {
                    Log.WriteLog("ERROR: " + msg);
                }

                if (ex is TimeoutException)
                {
                    if (Log.WriteLog != null)
                    {
                        Log.WriteLog("ERROR: Exception is timeout, trying to kill process: "+ ex.Message);
                    }

                    if ((scope != null) && (processId[0] != 0))
                    {
                        bool found;
                        tryKillProcess(scope, processId[0], out found);
                    }
                }
 
                throw new Exception(msg, ex);
            }
            finally
            {
                if (watcher != null)
                {
                    watcher.Stop();
                    watcher.Dispose();
                }
            }
         
        }
        // The main entry point for the application.
        static void Main(string[] args)
        {
            // Get the name of the computer on
            // which this program runs.
            // Note. The monitored application must also run
            // on this computer.
            string machine = Environment.MachineName;

            // Define the Common Information Model (CIM) path
            // for WIM monitoring.
            string path = String.Format("\\\\{0}\\root\\aspnet",
                machine);

            // Create a managed object watcher as
            // defined in System.Management.
            string query = "select * from BaseEvent";
            ManagementEventWatcher watcher =
                new ManagementEventWatcher(query);

            // Set the watcher options.
            TimeSpan timeInterval = new TimeSpan(0, 1, 30);
            watcher.Options =
                new EventWatcherOptions(null,
                timeInterval, 1);

            // Set the scope of the WMI events to
            // watch to be ASP.NET applications.
            watcher.Scope =
                new ManagementScope(new ManagementPath(path));

            // Set the console background.
            Console.BackgroundColor = ConsoleColor.Blue;
            // Set foreground color.
            Console.ForegroundColor = ConsoleColor.Yellow;
            // Clear the console.
            Console.Clear();

            // Loop indefinitely to catch the events.
            Console.WriteLine(
                "Listener started. Enter CntlC to terminate");

            while (true) {
                try {
                    // Capture the WMI event related to
                    // the Web event.
                    ManagementBaseObject ev =
                        watcher.WaitForNextEvent();
                    // Display the Web event information.
                    DisplayEventInformation(ev);

                    // Prompt the user.
                    Console.Beep();

                } catch (Exception e) {
                    Console.WriteLine("Error: {0}", e);
                    break;
                }
            }
        }