Solved

C# - Get Process Path From Management Watcher

Posted on 2012-04-07
6
1,945 Views
Last Modified: 2012-04-08
Hi,
I know how to get the process names that start on Windows, however, I am unable to get the process paths of the names...

Here's my attempt:

       
                var mgmtWtch = new ManagementEventWatcher("Select * From Win32_ProcessStartTrace");
                mgmtWtch.EventArrived += new EventArrivedEventHandler(mgmtWtch_EventArrived);
                mgmtWtch.Start();

 private void mgmtWtch_EventArrived(object sender, EventArrivedEventArgs e)
        {
            String ProcessName = e.NewEvent.Properties["ProcessName"].Value.ToString();
            Process n = Process.GetProcessById(Convert.ToInt32(e.NewEvent.Properties["ProcessID"].Value));
            String ProcessPath = n.MainModule.FileName;
            if(!String.IsNullOrEmpty(ProcessName))
            {
                MessageBox.Show(ProcessName + "\n" + ProcessPath);
            }
        }

Open in new window


When I start a process, it returns an exception on GetProcessById() that "No process with pid #### exists", even though it does. Maybe something to do with this being a 32 bit application and I'm running x64 processes? It did work with one x86 process. Other times it will throw an exception "Access Denied" on n.MainModule.FileName...

Hoping someone knows a better way to do this.

Thanks!
0
Comment
Question by:SteveDXL
6 Comments
 

Author Comment

by:SteveDXL
ID: 37820424
Ah yes definitely seems like the issue is not being able to find 64bit processes from a 32 bit application. Compiling this app as a a 64 bit or "Any CPU" will cause a ton of other problems , because its intended to monitor a 32 bit process.

Hopeless?
0
 
LVL 3

Expert Comment

by:fjocke
ID: 37820743
Is what you are trying todo here, get running processes on the computer? Does it have to be from the Management Watcher?
0
 
LVL 1

Accepted Solution

by:
hintco earned 500 total points
ID: 37820760
This is the best way to get the process path.
try it.
;)
                    //Get Command Line from the process
                    string wmiQuery = string.Format("select CommandLine from Win32_Process where Name='{0}'", p.ProcessName + ".exe");
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmiQuery);
                    ManagementObjectCollection retObjectCollection = searcher.Get();
                    foreach (ManagementObject retObject in retObjectCollection)
                    {
                        if (retObject["CommandLine"] != null)

                            MessageBox.Show("Command_Line: {0}", retObject["CommandLine"].ToString());
                    }

Open in new window


and let's try to run your application as administrator.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 20

Expert Comment

by:BuggyCoder
ID: 37820975
Here is another way to do it, probably allowing System.Diagnostics and Bit of LINQ to help you:-
var lstPaths = Process.GetProcesses().Select(p => p.Modules[0].FileName);

foreach(var item in lstPaths)
{
 //do your magic here.               
}

Open in new window

Two things to note however:-
1. Run your app(even VS) as an administrator
2. For 64-bit processes you need to compile the app with Target as x64.
0
 

Author Comment

by:SteveDXL
ID: 37821327
Thanks to everyone for offering their insight!

@hintco, this appears to be the best solution. Last night I came up with

const string wmiQueryString = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process";
               using (var searcher = new ManagementObjectSearcher(wmiQueryString))
               using (var results = searcher.Get())
               {
                   var query = from p in Process.GetProcesses()
                               join mo in results.Cast<ManagementObject>()
                                   on (int)(uint)e.NewEvent.Properties["ProcessID"].Value equals (int)(uint)mo["ProcessId"]
                               select new
                                          {
                                              Process = p,
                                              Path = (string) mo["ExecutablePath"],
                                              CommandLine = (string) mo["CommandLine"],
                                          };
                   foreach (var item in query)
                   {
                       //stuff
                       break;
                   }

Open in new window


but your code seems to be much cleaner and less taxing.

Thanks again to all!
0
 

Author Closing Comment

by:SteveDXL
ID: 37821330
Perfect
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you haven’t already, I encourage you to read the first article (http://www.experts-exchange.com/articles/18680/An-Introduction-to-R-Programming-and-R-Studio.html) in my series to gain a basic foundation of R and R Studio.  You will also find the …
This article will show, step by step, how to integrate R code into a R Sweave document
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question