private void SaveCreateProcess(ManagementBaseObject mbo)
{
var appMon = new EntityAppMonitor();
try
{
int sessionId;
if (!int.TryParse(mbo["SessionId"].ToString(), out sessionId))
{
return;
}
int processId;
if (!int.TryParse(mbo["ProcessId"].ToString(), out processId))
{
return;
}
appMon.Name = mbo["Name"].ToString();
appMon.Path = mbo["ExecutablePath"].ToString();
var path = appMon.Path.Substring(2).ToLower();
if (path.StartsWith(@"\users\"))
{
appMon.Path = @"%userprofile%\" + String.Join("\\", path.Split('\\').Skip(3));
}
appMon.StartDateTime = DateTime.UtcNow.ToString(CultureInfo.InvariantCulture);
appMon.Pid = processId;
appMon.UserName = ServiceUserLogins.GetUserNameFromSessionId(sessionId, true);
if (appMon.UserName == "SYSTEM")
{
return;
}
}
catch
{
//ignored
return;
}
new ServiceAppMonitor().AddAppEvent(appMon);
}
private void SaveDeleteProcess(ManagementBaseObject mbo)
{
var appMon = new EntityAppMonitor();
try
{
int sessionId;
if (!int.TryParse(mbo["SessionId"].ToString(), out sessionId))
{
return;
}
int processId;
if (!int.TryParse(mbo["ProcessId"].ToString(), out processId))
{
return;
}
appMon.Name = mbo["Name"].ToString();
appMon.Path = mbo["ExecutablePath"].ToString();
appMon.EndDateTime = DateTime.UtcNow.ToString(CultureInfo.InvariantCulture);
appMon.Pid = processId;
appMon.UserName = ServiceUserLogins.GetUserNameFromSessionId(sessionId, true);
if (appMon.UserName == "SYSTEM")
{
return;
}
}
catch
{
//ignored
return;
}
new ServiceAppMonitor().CloseAppEvent(appMon);
}
