Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2247
  • Last Modified:

C# - Get Process Path From Management Watcher

Hi,
I know how to get the process names that start on Windows, however, I am unable to get the process paths of the names...

Here's my attempt:

       
                var mgmtWtch = new ManagementEventWatcher("Select * From Win32_ProcessStartTrace");
                mgmtWtch.EventArrived += new EventArrivedEventHandler(mgmtWtch_EventArrived);
                mgmtWtch.Start();

 private void mgmtWtch_EventArrived(object sender, EventArrivedEventArgs e)
        {
            String ProcessName = e.NewEvent.Properties["ProcessName"].Value.ToString();
            Process n = Process.GetProcessById(Convert.ToInt32(e.NewEvent.Properties["ProcessID"].Value));
            String ProcessPath = n.MainModule.FileName;
            if(!String.IsNullOrEmpty(ProcessName))
            {
                MessageBox.Show(ProcessName + "\n" + ProcessPath);
            }
        }

Open in new window


When I start a process, it returns an exception on GetProcessById() that "No process with pid #### exists", even though it does. Maybe something to do with this being a 32 bit application and I'm running x64 processes? It did work with one x86 process. Other times it will throw an exception "Access Denied" on n.MainModule.FileName...

Hoping someone knows a better way to do this.

Thanks!
0
SteveDXL
Asked:
SteveDXL
1 Solution
 
SteveDXLAuthor Commented:
Ah yes definitely seems like the issue is not being able to find 64bit processes from a 32 bit application. Compiling this app as a a 64 bit or "Any CPU" will cause a ton of other problems , because its intended to monitor a 32 bit process.

Hopeless?
0
 
fjockeCommented:
Is what you are trying todo here, get running processes on the computer? Does it have to be from the Management Watcher?
0
 
hintcoCommented:
This is the best way to get the process path.
try it.
;)
                    //Get Command Line from the process
                    string wmiQuery = string.Format("select CommandLine from Win32_Process where Name='{0}'", p.ProcessName + ".exe");
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmiQuery);
                    ManagementObjectCollection retObjectCollection = searcher.Get();
                    foreach (ManagementObject retObject in retObjectCollection)
                    {
                        if (retObject["CommandLine"] != null)

                            MessageBox.Show("Command_Line: {0}", retObject["CommandLine"].ToString());
                    }

Open in new window


and let's try to run your application as administrator.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
BuggyCoderCommented:
Here is another way to do it, probably allowing System.Diagnostics and Bit of LINQ to help you:-
var lstPaths = Process.GetProcesses().Select(p => p.Modules[0].FileName);

foreach(var item in lstPaths)
{
 //do your magic here.               
}

Open in new window

Two things to note however:-
1. Run your app(even VS) as an administrator
2. For 64-bit processes you need to compile the app with Target as x64.
0
 
SteveDXLAuthor Commented:
Thanks to everyone for offering their insight!

@hintco, this appears to be the best solution. Last night I came up with

const string wmiQueryString = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process";
               using (var searcher = new ManagementObjectSearcher(wmiQueryString))
               using (var results = searcher.Get())
               {
                   var query = from p in Process.GetProcesses()
                               join mo in results.Cast<ManagementObject>()
                                   on (int)(uint)e.NewEvent.Properties["ProcessID"].Value equals (int)(uint)mo["ProcessId"]
                               select new
                                          {
                                              Process = p,
                                              Path = (string) mo["ExecutablePath"],
                                              CommandLine = (string) mo["CommandLine"],
                                          };
                   foreach (var item in query)
                   {
                       //stuff
                       break;
                   }

Open in new window


but your code seems to be much cleaner and less taxing.

Thanks again to all!
0
 
SteveDXLAuthor Commented:
Perfect
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now