Hi, I've got a VB 2005 application function that spawns a background process - in this function I have the following code:
Private oProc As System.Diagnostics.Process
'Run process code
Dim sShellCommand As String = "C:\Program Files\Wireshark\TShark.exe"
Dim sArgumentString As String = "-i "& iInterfaceID & " -w """& sOutputFile & """ & -a duration:"& lDuration & " -a files:"& lNumFiles & " -a:filesize:"& lFileSize
Dim oProcInfo As New System.Diagnostics.ProcessStartInfo(sShellCommand)
.UseShellExecute = False
'I tried changing this to true and passing a CTRL+C
'through a Streamwriter - but I couldn't get it to work
.RedirectStandardInput = False
.CreateNoWindow = True
.WindowStyle = ProcessWindowStyle.Hidden
.Arguments = sArgumentString
oProc = System.Diagnostics.Process.Start(oProcInfo)
'This code basically stops here until the process raises an Exited event which either happens after the specified amount of time has elapsed
'and TShark has finished doing its thing, or when the process is stopped (interrupted) by the user.
'End code block
Now - this process spawns perfectly and does everything it needs to do. If you know anything about Wireshark - the TShark process will basically run for a specified amount of time [lDuration] and then close the file it's writing. This all works perfectly.
I have another routine that allows the user to kill the process early that contains the following code:
'Interrupt process code
oProc.Close() 'Need to replace this line with a means of sending CTRL+C to oProc
If Not oProc.HasExited Then
'End code block
Now - when this process closes, it *should* raise an exited event which would cause the first block of code's "WaitForExit()" line to continue what that block of code is doing. The problem is that oProc.Close() doesn't appear able to stop the TShark instance. So I added the "failsafe" mechanism which says if it hasn't closed after a second, then kill it. oProc.Close() won't (for whatever reason) stop TShark, so the Kill mechanism is always invoked after a second. The oProc.Kill() terminates TShark immediately - the first block of code receives the "Exited" event and carries on its merry way as it is supposed to do. However, if you don't stop TShark cleanly (CTRL+C when running manually), the file that TShark was in the middle of writing is just abandoned and not closed properly. Consequently, when you open the file in Wireshark it complains that the file was terminated mid-packet.
When running TShark from the command line, the only way I've found to interrupt the TShark process is using the CTRL+C keystroke. This initiates TShark's close process which closes the file cleanly. I can't however find a way to successfully send the CTRL+C sequence to oProc - which I would like to keep running as a background process.
This should only be a minor annoyance, but it's bugging the hell out of me. I've tried every way I can think of to get the process to close cleanly. Anyone got any ideas?