Solved

C# - Get Process Path From Management Watcher

Posted on 2012-04-07
6
2,007 Views
Last Modified: 2012-04-08
Hi,
I know how to get the process names that start on Windows, however, I am unable to get the process paths of the names...

Here's my attempt:

       
                var mgmtWtch = new ManagementEventWatcher("Select * From Win32_ProcessStartTrace");
                mgmtWtch.EventArrived += new EventArrivedEventHandler(mgmtWtch_EventArrived);
                mgmtWtch.Start();

 private void mgmtWtch_EventArrived(object sender, EventArrivedEventArgs e)
        {
            String ProcessName = e.NewEvent.Properties["ProcessName"].Value.ToString();
            Process n = Process.GetProcessById(Convert.ToInt32(e.NewEvent.Properties["ProcessID"].Value));
            String ProcessPath = n.MainModule.FileName;
            if(!String.IsNullOrEmpty(ProcessName))
            {
                MessageBox.Show(ProcessName + "\n" + ProcessPath);
            }
        }

Open in new window


When I start a process, it returns an exception on GetProcessById() that "No process with pid #### exists", even though it does. Maybe something to do with this being a 32 bit application and I'm running x64 processes? It did work with one x86 process. Other times it will throw an exception "Access Denied" on n.MainModule.FileName...

Hoping someone knows a better way to do this.

Thanks!
0
Comment
Question by:SteveDXL
6 Comments
 

Author Comment

by:SteveDXL
ID: 37820424
Ah yes definitely seems like the issue is not being able to find 64bit processes from a 32 bit application. Compiling this app as a a 64 bit or "Any CPU" will cause a ton of other problems , because its intended to monitor a 32 bit process.

Hopeless?
0
 
LVL 3

Expert Comment

by:fjocke
ID: 37820743
Is what you are trying todo here, get running processes on the computer? Does it have to be from the Management Watcher?
0
 
LVL 1

Accepted Solution

by:
hintco earned 500 total points
ID: 37820760
This is the best way to get the process path.
try it.
;)
                    //Get Command Line from the process
                    string wmiQuery = string.Format("select CommandLine from Win32_Process where Name='{0}'", p.ProcessName + ".exe");
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmiQuery);
                    ManagementObjectCollection retObjectCollection = searcher.Get();
                    foreach (ManagementObject retObject in retObjectCollection)
                    {
                        if (retObject["CommandLine"] != null)

                            MessageBox.Show("Command_Line: {0}", retObject["CommandLine"].ToString());
                    }

Open in new window


and let's try to run your application as administrator.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Expert Comment

by:BuggyCoder
ID: 37820975
Here is another way to do it, probably allowing System.Diagnostics and Bit of LINQ to help you:-
var lstPaths = Process.GetProcesses().Select(p => p.Modules[0].FileName);

foreach(var item in lstPaths)
{
 //do your magic here.               
}

Open in new window

Two things to note however:-
1. Run your app(even VS) as an administrator
2. For 64-bit processes you need to compile the app with Target as x64.
0
 

Author Comment

by:SteveDXL
ID: 37821327
Thanks to everyone for offering their insight!

@hintco, this appears to be the best solution. Last night I came up with

const string wmiQueryString = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process";
               using (var searcher = new ManagementObjectSearcher(wmiQueryString))
               using (var results = searcher.Get())
               {
                   var query = from p in Process.GetProcesses()
                               join mo in results.Cast<ManagementObject>()
                                   on (int)(uint)e.NewEvent.Properties["ProcessID"].Value equals (int)(uint)mo["ProcessId"]
                               select new
                                          {
                                              Process = p,
                                              Path = (string) mo["ExecutablePath"],
                                              CommandLine = (string) mo["CommandLine"],
                                          };
                   foreach (var item in query)
                   {
                       //stuff
                       break;
                   }

Open in new window


but your code seems to be much cleaner and less taxing.

Thanks again to all!
0
 

Author Closing Comment

by:SteveDXL
ID: 37821330
Perfect
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
This article will show, step by step, how to integrate R code into a R Sweave document
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question