问题
There is a very clear answer here on how to monitor processes. It works like a charm... except it must be run in elevated mode, which is a definite non-option for me in the context of my program.
What I need to do is basically monitor all new processes and compare them against a predetermined list. I would like to do this without simply using a stopwatch and polling for any new processes.
Does anyone know of an event that would be raised similar to the ManagementEventWatcher that doesn't require to be run as administrator?
Thanks!
回答1:
You can get all working processes with Process.GetProcesses();, then you can iterate thought them and get their name and some info, but more advanced things do require elevated permissions.
回答2:
I had the same problem as OP but managed to use ManagementEventWatcher as non-admin by providing a specific query:
string queryString = "SELECT * FROM __InstanceCreationEvent WITHIN .025 WHERE TargetInstance ISA 'Win32_Process'";
ManagementEventWatcher managementEventWatcher = new ManagementEventWatcher(@"\\.\root\CIMV2", queryString);
managementEventWatcher.EventArrived += ProcessStartEventArrived;
managementEventWatcher.Start();
WITHIN is the timeframe to be notified in.
Stopping is done the same way but using __InstanceDeletionEvent
string queryString = "SELECT * FROM __InstanceDeletionEvent WITHIN .025 WHERE TargetInstance ISA 'Win32_Process'";
来源:https://stackoverflow.com/questions/38963224/monitor-new-processes-as-a-non-admin