/// <summary>
/// This event is fired whenever a new process starts.
/// </summary>
/// <param name="sender">
/// Don't care, though it's probably the ManagementEventWatcher
/// </param>
/// <param name="e">
/// Event Arguments which tell us info about the process which just started.
/// </param>
private void ProcessStartHandler(object sender, EventArrivedEventArgs e)
{
try {
var eventArgs = new ProcessFoundEventArgs(
e.NewEvent.Properties["ProcessName"].Value.ToString(),
Int32.Parse(e.NewEvent.Properties["ProcessID"].Value.ToString()),
Int32.Parse(e.NewEvent.Properties["ParentProcessID"].Value.ToString())
);
ProcessDiscovered?.Invoke("ProcessWatcher", eventArgs);
} finally {
// e.NewEvent causes a memory leak.
// See https://social.msdn.microsoft.com/Forums/vstudio/en-US/158d5f4b-1238-4854-a66c-b51e37550c52/memory-leak-in-wmi-when-querying-event-logs
e.NewEvent.Dispose();
}
}
/// <summary>
/// This event is fired whenever a new process starts.
/// </summary>
/// <param name="sender">
/// Don't care, though it's probably the ManagementEventWatcher
/// </param>
/// <param name="e">
/// Event Arguments which tell us info about the process which just started.
/// </param>
private void ProcessStartHandler(object sender, EventArrivedEventArgs e)
{
try {
var eventArgs = new ProcessFoundEventArgs(
e.NewEvent.Properties["ProcessName"].Value.ToString(),
Int32.Parse(e.NewEvent.Properties["ProcessID"].Value.ToString()),
Int32.Parse(e.NewEvent.Properties["ParentProcessID"].Value.ToString())
);
ProcessDiscovered?.Invoke("ProcessWatcher", eventArgs);
} finally {
// e.NewEvent causes a memory leak.
// See https://social.msdn.microsoft.com/Forums/vstudio/en-US/158d5f4b-1238-4854-a66c-b51e37550c52/memory-leak-in-wmi-when-querying-event-logs
e.NewEvent.Dispose();
}
}
internal void HandleProcessWatcherNewProcessFound(object sender, ProcessFoundEventArgs e)
{
var lowerProcessName = e.ProcessName.ToLower();
// logger.Info("$$$$$$$$$$");
// logger.Info(lowerProcessName);
// logger.Info("$$$$$$$$$$");
HashSet<Action<CreatedProcessDescriptor>> handlers;
if (processSpawnedHandlersByProcessName.TryGetValue(lowerProcessName, out handlers)) {
foreach (var handler in handlers) {
try {
handler(new CreatedProcessDescriptor(e.ProcessName, e.ProcessID, e.ParentProcessID));
} catch (Exception ex) {
logger.Error("Process watcher handler threw", ex);
}
}
}
}
internal void HandleProcessWatcherNewProcessFound(object sender, ProcessFoundEventArgs e)
{
var lowerProcessName = e.ProcessName.ToLower();
// logger.Info("$$$$$$$$$$");
// logger.Info(lowerProcessName);
// logger.Info("$$$$$$$$$$");
HashSet <Action <CreatedProcessDescriptor> > handlers;
if (processSpawnedHandlersByProcessName.TryGetValue(lowerProcessName, out handlers))
{
foreach (var handler in handlers)
{
try {
handler(new CreatedProcessDescriptor(e.ProcessName, e.ProcessID, e.ParentProcessID));
} catch (Exception ex) {
logger.Error("Process watcher handler threw", ex);
}
}
}
}