[RESOLVED] Monitor Process Creation and Deletion without WMI

[stronius]

The following is an example of monitoring opened or closed processes without using WMI. First you copy an initial processes list to array, then based on a timer, can call the checkProcess() function which will compare the latest processes list with your original, and record any opened or closed processes into a variable called processActivity.

First, variable declarations...

Code:

    Dim processesList As String 'Containts initial processes list.
    Dim processActivity As String 'Containts all opened / closed processes.
    Dim processesAtStart As New ArrayList 'Original Processes List as ArrayList. (Used to Compare)
    Dim processesCheck As New ArrayList 'Latest Processes List as ArrayList. (Used to Compare)

Then, I create an initial processes list in the form of string, and of an arrayList (So that it can be compared) ...

Code:

        Dim proc As New Process
        For Each proc In Process.GetProcesses
            Try
                processesList = processesList + proc.MainModule.ModuleName + " - " + proc.MainModule.FileName + ControlChars.NewLine
                processesAtStart.Add(proc.MainModule.ModuleName + " - " + proc.MainModule.FileName)
            Catch ex As Exception
                processesList = processesList + proc.ProcessName + ControlChars.NewLine
                processesAtStart.Add(proc.ProcessName)
            End Try
        Next
        proc.Dispose()

Next, I create a procedure, which will be called based on a timer to check the latest processes list with the initial processes list and record any opened or closed processes...

Code:

    Public Sub processCheck()

        'Gets latest processes list and compares it to initial list.
        processesCheck.Clear()

        Dim proc As New Process
        For Each proc In Process.GetProcesses
            Try
                processesCheck.Add(proc.MainModule.ModuleName + " - " + proc.MainModule.FileName)
            Catch ex As Exception
                processesCheck.Add(proc.ProcessName)
            End Try
        Next
        proc.Dispose()

        'Convert list into array to be compared
        Dim latestProcesses() As String = DirectCast(processesCheck.ToArray(GetType(String)), String())
        Dim initialProcesses() As String = DirectCast(processesAtStart.ToArray(GetType(String)), String())

        'Find Closed Processes
        For Each item As String In initialProcesses
            If (Array.IndexOf(latestProcesses, item) = -1) Then
                processActivity = processActivity + ControlChars.NewLine + "Closed : " + item
                processesAtStart.Remove(item)
            End If
        Next
        'Find Opened Processes
        For Each item As String In latestProcesses
            If (Array.IndexOf(initialProcesses, item) = -1) Then
                processActivity = processActivity + ControlChars.NewLine + "Opened : " + item
                processesAtStart.Add(item)
            End If
        Next

    End Sub

Enjoy! Use my code as you like and I appreciate suggestion and improvements!

[minitech]

If you use a List(Of String) instead of an ArrayList, you can avoid the unnecessary DirectCast and GetType statements. In fact, you can call IndexOf directly on a List(Of String), so there would be no need to use ToArray() and Array.IndexOf().