private void watcher_EventArrived(object sender, EventArrivedEventArgs e)
{
string eventType = e.NewEvent.ClassPath.ClassName;
WMI.Win32.Process proc = new WMI.Win32.Process(e.NewEvent["TargetInstance"] as ManagementBaseObject);
switch (eventType)
{
case "__InstanceCreationEvent":
if (ProcessCreated != null)
{
ProcessCreated(proc);
}
break;
case "__InstanceDeletionEvent":
if (ProcessDeleted != null)
{
ProcessDeleted(proc);
}
break;
case "__InstanceModificationEvent":
if (ProcessModified != null)
{
ProcessModified(proc);
}
break;
}
}
private void watcher_EventArrived(object sender, EventArrivedEventArgs e)
{
string eventType = e.NewEvent.ClassPath.ClassName;
WMI.Win32.Process proc = new WMI.Win32.Process(e.NewEvent["TargetInstance"] as ManagementBaseObject);
switch (eventType)
{
case "__InstanceCreationEvent":
if (ProcessCreated != null)
{
ProcessCreated(proc);
}
break;
case "__InstanceDeletionEvent":
if (ProcessDeleted != null)
{
ProcessDeleted(proc);
}
break;
case "__InstanceModificationEvent":
if (ProcessModified != null)
{
ProcessModified(proc);
}
break;
}
}
private void procWatcher_ProcessCreated(WMI.Win32.Process proc)
{
try
{
PyController.system_new_process(proc.Name, proc.ProcessId, System.Diagnostics.Process.GetProcessById((int)proc.ProcessId).Handle);
}
catch
{
// Ignore
}
}
private static void procWatcher_ProcessModified(WMI.Win32.Process proc)
{
Console.Write("\n进程被修改\n " + proc.Name + " " + proc.ProcessId + " " + "时间:" + DateTime.Now);
}
private static void procWatcher_ProcessDeleted(WMI.Win32.Process proc)
{
Console.Write("\nDeleted\n " + proc.Name + " " + proc.ProcessId + " " + "DateTime:" + DateTime.Now);
}
