private void HandleProcessDeletion(object sender, EventArrivedEventArgs e)
{
//Console.WriteLine("Event arrived !");
CLogger.WriteLog(ELogLevel.DEBUG, "Process killed arrived: # " + count++);
try
{
// Get the Event object
Win32ProcessInfo newInfo = new Win32ProcessInfo();
newInfo.processID = Convert.ToInt32(e.NewEvent.Properties["ProcessId"].Value.ToString());
newInfo.timeStamp = DateTime.Now;
//CLogger.WriteLog(ELogLevel.DEBUG, managementObject.GetText(TextFormat.Mof));
//MessageBox.Show("Here");
//Win32ProcessInfo newInfo = processProcDeleteObject(managementObject);
lock (killedProcessList)
{
killedProcessList.Add(newInfo);
}
}
catch (Exception ex)
{
//throw (new System.Exception(ex.Message));
CLogger.WriteLog(ELogLevel.ERROR, ex.Message + "\n" + ex.StackTrace);
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
void TrimOpenAccessTimer_Elapsed(object sender, ElapsedEventArgs e)
{
CLogger.WriteLog(ELogLevel.INFO, "In Timer fired");
Win32ProcessInfo procInfo;
try
{
Process[] explorerProcList = Process.GetProcessesByName("explorer.exe");
Process explorerInfo;
DateTime timestamp = DateTime.Now;
timestamp = timestamp.AddMinutes(-TRIM_OPEN_ACCESS_INTERVAL);
for (int i = 0; i < explorerProcList.Length; i++)
{
explorerInfo = explorerProcList[i];
procInfo = new Win32ProcessInfo();
procInfo.processID = explorerInfo.Id;
procInfo.timeStamp = timestamp;
lock(killedProcessList)
{
killedProcessList.Add(procInfo);
}
}
}
catch (Exception exc)
{
CLogger.WriteLog(ELogLevel.INFO, "Exception occurred while opening explorer.exe but its ok to proceed." +
" System error: " +exc.Message);
}
/* Get the list of processes killed from table
* Delete the entries from OPENACCESS with those pids which have entries older by
* TRIM_OPEN_ACCESS_INTERVAL minutes */
// Make a copy of the killedProcessList
List<Win32ProcessInfo> currentList;
lock (killedProcessList)
{
currentList = new List<Win32ProcessInfo>(killedProcessList);
killedProcessList.Clear();
}
try
{
for (int i = currentList.Count; i > 0; i--)
{
procInfo = currentList[i-1];
DateTime timeStamp = DateTime.Now;
timeStamp = timeStamp.AddMinutes(-TRIM_OPEN_ACCESS_INTERVAL);
if (timeStamp >= procInfo.timeStamp)
{
using (SQLiteCommand cmd = new SQLiteCommand())
{
cmd.Connection = conn;
cmd.CommandText = "DELETE FROM OPENACCESS WHERE pid =" + procInfo.processID +
" AND timestamp <= @TS";
SQLiteParameter param = cmd.CreateParameter();
param.ParameterName = "@TS";
param.DbType = DbType.DateTime;
param.Value = procInfo.timeStamp;
cmd.Parameters.Add(param);
int rowsAffected = cmd.ExecuteNonQuery();
CLogger.WriteLog(ELogLevel.DEBUG, "Removed pid: " + procInfo.processID);
currentList.RemoveAt(i-1);
}
}
}
/* Add the remaining elements in the current list to the killedProcessList
* which might have changed when were deleting the records
*
*/
lock (killedProcessList)
{
killedProcessList.AddRange(currentList);
}
}
catch (Exception exc)
{
CLogger.WriteLog(ELogLevel.ERROR, exc.Message + "\n" + exc.StackTrace);
}
}
Win32ProcessInfo processProcDeleteObject(ManagementBaseObject obj)
{
Win32ProcessInfo newInfo = new Win32ProcessInfo();
try
{
newInfo.processID = (int)Convert.ToUInt32(obj.Properties["ProcessId"].Value.ToString());
//Console.WriteLine("Event arrived ");
newInfo.timeStamp = DateTime.Now;
}
catch (Exception ex)
{
throw (new System.Exception(ex.Message));
}
return newInfo;
}