tags:

views:

948

answers:

2
+2  Q: 

C# Process Monitor

Is there a way to determine when the last time a specific machine last ran a process?

I can use the following to determine if a process is running, but the application cannot grab the process if it has since stopped.

Process[] process = Process.GetProcessesByName(processName, serverName);

(C# por favor)

+4  A: 

You won't be able to do this using the Process class. However, it should be possible to figure out when an application was last run by configuring audit process tracking in Windows. The following links might get you started:

Audit process tracking

How can I track what programs come and go on my machine?

The process tracking will create entries in the Windows event log which you can then access using C#.

0xA3
+4  A: 

WMI provides a way to track processes starting and terminating with the Win32_ProcessTrace classes. Best shown with an example. Start a new Console application, Project + Add Reference, select System.Management. Paste this code:

using System;
using System.Management;

class Process {
  public static void Main() {
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press ENTER to exit");
    Console.ReadLine();
    startWatch.Stop();
    stopWatch.Stop();
  }

  static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }

  static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }
}

Run this and start some programs to see it at work. Beware that it is not especially quick.

Hans Passant
Thank you. Just tried it and it works perfectly.
Norla