[RESOLVED] Monitor Process Creation and Deletion without WMI
The following is an example of monitoring opened or closed processes without using WMI. First you copy an initial processes list to an array, then, based on a timer, you can call the checkProcess() function, which will compare the latest processes list with your original and record any opened or closed processes into a variable called processActivity.
First, variable declarations...
Code:
Dim processesList As String 'Contains initial processes list.
Dim processActivity As String 'Contains all opened / closed processes.
Dim processesAtStart As New ArrayList 'Original Processes List as ArrayList. (Used to Compare)
Dim processesCheck As New ArrayList 'Latest Processes List as ArrayList. (Used to Compare)
Then, I create an initial processes list in the form of a string, and of an ArrayList (so that it can be compared)...
Code:
'Requires Imports System.Diagnostics (and System.Collections for ArrayList).
For Each proc As Process In Process.GetProcesses()
    Try
        processesList = processesList + proc.MainModule.ModuleName + " - " + proc.MainModule.FileName + ControlChars.NewLine
        processesAtStart.Add(proc.MainModule.ModuleName + " - " + proc.MainModule.FileName)
    Catch ex As Exception
        'MainModule could not be read for this process; fall back to the process name.
        processesList = processesList + proc.ProcessName + ControlChars.NewLine
        processesAtStart.Add(proc.ProcessName)
    Finally
        proc.Dispose() 'Release every Process object, not only the last one.
    End Try
Next
Next, I create a procedure, which will be called based on a timer to check the latest processes list with the initial processes list and record any opened or closed processes...
Code:
Public Sub processCheck()
    'Gets latest processes list and compares it to initial list.
    processesCheck.Clear()
    For Each proc As Process In Process.GetProcesses()
        Try
            processesCheck.Add(proc.MainModule.ModuleName + " - " + proc.MainModule.FileName)
        Catch ex As Exception
            'MainModule could not be read for this process; fall back to the process name.
            processesCheck.Add(proc.ProcessName)
        Finally
            proc.Dispose() 'Release every Process object, not only the last one.
        End Try
    Next
    'Convert list into array to be compared
    Dim latestProcesses() As String = DirectCast(processesCheck.ToArray(GetType(String)), String())
    Dim initialProcesses() As String = DirectCast(processesAtStart.ToArray(GetType(String)), String())
    'Find Closed Processes
    For Each item As String In initialProcesses
        If (Array.IndexOf(latestProcesses, item) = -1) Then
            processActivity = processActivity + ControlChars.NewLine + "Closed : " + item
            processesAtStart.Remove(item)
        End If
    Next
    'Find Opened Processes
    For Each item As String In latestProcesses
        If (Array.IndexOf(initialProcesses, item) = -1) Then
            processActivity = processActivity + ControlChars.NewLine + "Opened : " + item
            processesAtStart.Add(item)
        End If
    Next
End Sub
Enjoy! Use my code as you like and I appreciate suggestions and improvements!
Re: [RESOLVED] Monitor Process Creation and Deletion without WMI
If you use a List(Of String) instead of an ArrayList, you can avoid the unnecessary DirectCast and GetType statements. In fact, you can call IndexOf directly on a List(Of String), so there would be no need to use ToArray() and Array.IndexOf().
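The snapshot comparison from this thread, as an added example that is not code from either poster: it uses generic collections as the reply suggests and keys each snapshot by process ID, so a second instance of an already-running image (or one instance of several closing) still shows up as a change. The names ProcessDiffExample, TakeSnapshot and MissingFrom are hypothetical, and the one-second interval and five polls are arbitrary choices.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Diagnostics
Module ProcessDiffExample
    ' One snapshot: PID -> label. Keying by PID keeps two instances of one image distinct.
    Function TakeSnapshot() As Dictionary(Of Integer, String)
        Dim snap As New Dictionary(Of Integer, String)
        For Each p As Process In Process.GetProcesses()
            Using p
                Dim label As String = "PID " & p.Id.ToString()
                Try
                    label = p.ProcessName
                    label = p.MainModule.ModuleName & " - " & p.MainModule.FileName
                Catch ex As Exception
                    ' MainModule unreadable or process gone: keep the best label obtained so far.
                End Try
                snap(p.Id) = label
            End Using
        Next
        Return snap
    End Function

    ' Entries of source whose PID is absent from other, or present with a different label
    ' (a different label on the same PID means the PID was reused by another image).
    Function MissingFrom(source As Dictionary(Of Integer, String),
                         other As Dictionary(Of Integer, String),
                         tag As String) As List(Of String)
        Dim result As New List(Of String)
        For Each kv As KeyValuePair(Of Integer, String) In source
            Dim seen As String = Nothing
            If Not other.TryGetValue(kv.Key, seen) OrElse seen <> kv.Value Then
                result.Add(tag & kv.Value & " (PID " & kv.Key.ToString() & ")")
            End If
        Next
        Return result
    End Function

    Sub Main()
        Dim previous As Dictionary(Of Integer, String) = TakeSnapshot()
        For i As Integer = 1 To 5 ' five polls, one second apart
            System.Threading.Thread.Sleep(1000)
            Dim current As Dictionary(Of Integer, String) = TakeSnapshot()
            Dim changes As List(Of String) = MissingFrom(previous, current, "Closed : ")
            changes.AddRange(MissingFrom(current, previous, "Opened : "))
            For Each change As String In changes
                Console.WriteLine(change)
            Next
            previous = current
        Next
    End Sub
End Module
```

Any polling approach, this one included, cannot see a process that starts and exits between two polls, so it is unsuitable as the only source of process-creation telemetry. A PID reused within one interval by an image with the same label also goes unnoticed.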