Solved

C# - Get Process Path From Management Watcher

Posted on 2012-04-07
6
1,918 Views
Last Modified: 2012-04-08
Hi,
I know how to get the process names that start on Windows, however, I am unable to get the process paths of the names...

Here's my attempt:

       
                var mgmtWtch = new ManagementEventWatcher("Select * From Win32_ProcessStartTrace");
                mgmtWtch.EventArrived += new EventArrivedEventHandler(mgmtWtch_EventArrived);
                mgmtWtch.Start();

 private void mgmtWtch_EventArrived(object sender, EventArrivedEventArgs e)
        {
            String ProcessName = e.NewEvent.Properties["ProcessName"].Value.ToString();
            Process n = Process.GetProcessById(Convert.ToInt32(e.NewEvent.Properties["ProcessID"].Value));
            String ProcessPath = n.MainModule.FileName;
            if(!String.IsNullOrEmpty(ProcessName))
            {
                MessageBox.Show(ProcessName + "\n" + ProcessPath);
            }
        }

Open in new window


When I start a process, it returns an exception on GetProcessById() that "No process with pid #### exists", even though it does. Maybe something to do with this being a 32 bit application and I'm running x64 processes? It did work with one x86 process. Other times it will throw an exception "Access Denied" on n.MainModule.FileName...

Hoping someone knows a better way to do this.

Thanks!
0
Comment
Question by:SteveDXL
6 Comments
 

Author Comment

by:SteveDXL
ID: 37820424
Ah yes definitely seems like the issue is not being able to find 64bit processes from a 32 bit application. Compiling this app as a a 64 bit or "Any CPU" will cause a ton of other problems , because its intended to monitor a 32 bit process.

Hopeless?
0
 
LVL 3

Expert Comment

by:fjocke
ID: 37820743
Is what you are trying todo here, get running processes on the computer? Does it have to be from the Management Watcher?
0
 
LVL 1

Accepted Solution

by:
hintco earned 500 total points
ID: 37820760
This is the best way to get the process path.
try it.
;)
                    //Get Command Line from the process
                    string wmiQuery = string.Format("select CommandLine from Win32_Process where Name='{0}'", p.ProcessName + ".exe");
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmiQuery);
                    ManagementObjectCollection retObjectCollection = searcher.Get();
                    foreach (ManagementObject retObject in retObjectCollection)
                    {
                        if (retObject["CommandLine"] != null)

                            MessageBox.Show("Command_Line: {0}", retObject["CommandLine"].ToString());
                    }

Open in new window


and let's try to run your application as administrator.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 20

Expert Comment

by:BuggyCoder
ID: 37820975
Here is another way to do it, probably allowing System.Diagnostics and Bit of LINQ to help you:-
var lstPaths = Process.GetProcesses().Select(p => p.Modules[0].FileName);

foreach(var item in lstPaths)
{
 //do your magic here.               
}

Open in new window

Two things to note however:-
1. Run your app(even VS) as an administrator
2. For 64-bit processes you need to compile the app with Target as x64.
0
 

Author Comment

by:SteveDXL
ID: 37821327
Thanks to everyone for offering their insight!

@hintco, this appears to be the best solution. Last night I came up with

const string wmiQueryString = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process";
               using (var searcher = new ManagementObjectSearcher(wmiQueryString))
               using (var results = searcher.Get())
               {
                   var query = from p in Process.GetProcesses()
                               join mo in results.Cast<ManagementObject>()
                                   on (int)(uint)e.NewEvent.Properties["ProcessID"].Value equals (int)(uint)mo["ProcessId"]
                               select new
                                          {
                                              Process = p,
                                              Path = (string) mo["ExecutablePath"],
                                              CommandLine = (string) mo["CommandLine"],
                                          };
                   foreach (var item in query)
                   {
                       //stuff
                       break;
                   }

Open in new window


but your code seems to be much cleaner and less taxing.

Thanks again to all!
0
 

Author Closing Comment

by:SteveDXL
ID: 37821330
Perfect
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Please explain "Multi-Tenant Services" 5 64
Excel file not created as expected 7 50
VB.Net How to Exit Sub - Exit Form??? 5 51
Problem to picture file 20 34
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now