All geek questions in one place

Look Up for a New Process Started Using C #

I use the code below to find any new process. This function works in a stream.

I need to enter a process name. For what I use two arraylist. On one arraist, I save all the process names before it starts the thread, and the other arraylist, I populate the current process inside the thread and compare two arraylist to find a new process.

Now the problem is that the line for writing to the log file is for each cycle, I see duplicate process names in the log file. I want it to register only once. How can i solve this?

class ProcessMonitor { public static ArrayList ExistingProcess = new ArrayList(); public static void Monitor() { existingProcesses = GetExistingProcess(); while (true) { ArrayList currentProcesses = new ArrayList(); currentProcesses = GetCurrentProcess(); ArrayList NewApps = new ArrayList(GetCurrentProcess()); foreach (var p in ExistingProcess) { NewApps.Remove(p); } string str = ""; foreach (string NewApp in NewApps) { str += "Launched ProcessName/ID : " + NewApp + "/" + System.Diagnostics.Process.GetProcessesByName(NewApp)[0].Id.ToString() + Environment.NewLine; } if(str!="") { Log.Info(str); } } } public static ArrayList GetExistingProcess() { Process[] processlist = Process.GetProcesses(); foreach (Process Proc in processlist) { ExistingProcess.Add(Proc.ProcessName); } return ExistingProcess; } public static ArrayList GetCurrentProcess() { ArrayList CurrentProcesses = new ArrayList(); Process[] processlist = Process.GetProcesses(); foreach (Process Proc in processlist) { CurrentProcesses.Add(Proc.ProcessName); } return CurrentProcesses; } }
+3
source share
2 answers

Iterative processes in Windows are very expensive. There's a better way to do this with WMI, the Win32_ProcessStartTrace class. It also automatically solves your problem, as it will tell you about the beginning of new processes. And do not need a stream.

You will find the code you need in this answer .

+4
source

I'm not quite sure what you are doing here, but the first two lines and the last line from the excerpt below basically do the same, only the last line is more expensive (since you are creating a second list of arrays from the one that GetCurrentProcess returns:

 ArrayList currentProcesses = new ArrayList(); currentProcesses = GetCurrentProcess(); ArrayList NewApps = new ArrayList(GetCurrentProcess());

Secondly, you never seem to use the currentProcess variable, as far as I can tell ... so its 100% waste. Third, why is this a problem if there are duplicate process names? The same process can be started several times, more than one instance of the process can be executed simultaneously, the process can start, stop, then start again, etc. Not necessarily "false" for the process name listed twice.

(UPDATE: One of the reasons you can get "duplicates" in your journal is that you get existingProcesses only once. Each time through a loop (which, by the way, will run at maximum speed continuously), you will getting the list of processes again and comparing them with the original existingProcesses , so the same processes listed in the previous loop ... if they are still running, will be listed again. I updated my sample code to demonstrate how to solve this problem.)

You seem to have some fundamental code errors and possibly flaws in your expectations. I would review your code as a whole, eliminate useless code (for example, the first two lines above) and generally streamline your code. (Hint: ArrayList is REALLY a bad choice ... I would use IEnumerable<T> , which does not require any conversion or a combination of the raw array). If I had to duplicate the code above with more efficient code:

 public static void Monitor() { var existingProcesses = Process.GetProcesses(); bool doProcessing = true; while (doProcessing) { var currentProcesses = Process.GetProcesses(); var newProcesses = currentProcesses.Except(existingProcesses); int capacity = newProcesses.Count() * 60; var builder = new StringBuilder(capacity); foreach (var newProcess in newProcesses) { builder.Append("Launched ProcessName/ID : "); builder.Append(newProcess.ProcessName); builder.Append("/"); builder.Append(newProcess.Id); builder.AppendLine(); } string newProcessLogEntry = builder.ToString(); if(!String.IsNullOrEmpty(newProcessLogEntry)) { Log.Info(newProcessLogEntry); } existingProcesses = currentProcesses; // Update existing processes, so you don't reprocess previously processed running apps and get "duplicate log entries" if (requestToStopMonitoring) // do something to kill this loop gracefully at some point { doProcessing = false; continue; } Thread.Sleep(5000); // Wait about 5 seconds before iterating again } }
+1
source

Source: https://habr.com/ru/post/891979/

More articles:


All Articles