Tag Archives: Win32_ProcessStartTrace
There are numerous ways to detect whether a new process has started or stopped. Sadly, the majority of them are extremely inefficient, as they require you to keep looping through the active processes to see whether a new one has appeared in the array or one is no longer there.
Luckily the Windows Win32_ProcessStartTrace and Win32_ProcessStopTrace classes are here to help out.
The first thing we need to do is reference System.Management.dll in our project. Then we need to define the scope in your class which we will be using.
After that we need to initialise the class which will contain the process start and process stopped events and add the handlers and their methods.
Add the following two variables to your class.
ManagementEventWatcher processStartEvent = new ManagementEventWatcher("SELECT * FROM Win32_ProcessStartTrace");
ManagementEventWatcher processStopEvent = new ManagementEventWatcher("SELECT * FROM Win32_ProcessStopTrace");
In your constructor the event handlers need to be added.
processStartEvent.EventArrived += new EventArrivedEventHandler(processStartEvent_EventArrived);
processStopEvent.EventArrived += new EventArrivedEventHandler(processStopEvent_EventArrived);
Then add their event methods, which will be triggered when a process either starts or stops.
void processStartEvent_EventArrived(object sender, EventArrivedEventArgs e)
{
    // A new process has started
}
void processStopEvent_EventArrived(object sender, EventArrivedEventArgs e)
{
    // A process has been stopped
}
And finally we need to start the events by using
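The steps above assembled into one class, as an added example that is not the original post's code. The ProcessWatcher class name and the console output format are assumptions; the properties read from each event (ProcessName, ProcessID, ParentProcessID, ExitStatus) are those of the two WMI trace classes, and subscribing to them requires an elevated (administrator) process.

```csharp
using System;
using System.Management; // requires a reference to System.Management.dll

// Hypothetical wrapper class: logs every process start and stop with its parent PID.
class ProcessWatcher : IDisposable
{
    private readonly ManagementEventWatcher processStartEvent =
        new ManagementEventWatcher("SELECT * FROM Win32_ProcessStartTrace");
    private readonly ManagementEventWatcher processStopEvent =
        new ManagementEventWatcher("SELECT * FROM Win32_ProcessStopTrace");

    public ProcessWatcher()
    {
        processStartEvent.EventArrived += processStartEvent_EventArrived;
        processStopEvent.EventArrived += processStopEvent_EventArrived;
    }

    // Subscribes to both traces; throws ManagementException when not elevated.
    public void Start()
    {
        processStartEvent.Start();
        processStopEvent.Start();
    }

    // Handlers run on a worker thread, not the thread that called Start().
    void processStartEvent_EventArrived(object sender, EventArrivedEventArgs e)
    {
        Console.WriteLine("{0:o} START {1} pid={2} ppid={3}", DateTime.UtcNow,
            e.NewEvent["ProcessName"], e.NewEvent["ProcessID"], e.NewEvent["ParentProcessID"]);
    }

    void processStopEvent_EventArrived(object sender, EventArrivedEventArgs e)
    {
        Console.WriteLine("{0:o} STOP  {1} pid={2} exit={3}", DateTime.UtcNow,
            e.NewEvent["ProcessName"], e.NewEvent["ProcessID"], e.NewEvent["ExitStatus"]);
    }

    // Cancel the WMI subscriptions so they do not outlive the watcher.
    public void Dispose()
    {
        processStartEvent.Stop(); processStartEvent.Dispose();
        processStopEvent.Stop(); processStopEvent.Dispose();
    }

    static void Main()
    {
        using (var watcher = new ProcessWatcher())
        {
            watcher.Start();
            Console.ReadLine(); // keep watching until Enter is pressed
        }
    }
}
```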