WMI and Win32_ProcessStartTrace
- Thread starter vitoto
- Start date
update
Hi guys, i am using my VB.Net using Form and not Console.
How i can use Win32_ProcessStartTrace ?
I make class using :
c:\mgmtclassgen.exe Win32_ProcessStartTrace /L VB /P c:\vb\ProcessStartTrace.vb
I have file : ProcessStartTrace.vb
I insert Class in my proyect, but How use for Get all new process started ?
Thank you.
Hi guys, i am using my VB.Net using Form and not Console.
How i can use Win32_ProcessStartTrace ?
I make class using :
c:\mgmtclassgen.exe Win32_ProcessStartTrace /L VB /P c:\vb\ProcessStartTrace.vb
I have file : ProcessStartTrace.vb
I insert Class in my proyect, but How use for Get all new process started ?
Thank you.
Did you see the example in .Net documentation using Win32_LogicalDisk?
It's also available online at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfmanagementstronglytypedclassgeneratormgmtclassgenexe.asp
Notice the /n (path) instruction and the namespace import in code.
It's also available online at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfmanagementstronglytypedclassgeneratormgmtclassgenexe.asp
Notice the /n (path) instruction and the namespace import in code.
Actually Win32_ProcessStartTrace is also an WMI event, so I don't think this one is supposed to be used with mgmtclassgen.exe.
Doing some searches, this is the code I come up with:
(funny thing is it don't respond in debugger, only when running the compiled .exe - anyone knows why?)
You can also access the properties directly with for instance:
e.NewEvent("ProcessName") which will tell the value (process name)
Another issue worth mentioning is that I have experienced this to stop responding to process start events, had to restart the pc for it to work again, this seems to be a known bug.
Doing some searches, this is the code I come up with:
(funny thing is it don't respond in debugger, only when running the compiled .exe - anyone knows why?)
VB.NET:
[SIZE=2][COLOR=#0000ff]Dim[/COLOR][/SIZE][SIZE=2] q [/SIZE][SIZE=2][COLOR=#0000ff]As [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]New[/COLOR][/SIZE][SIZE=2] EventQuery([/SIZE][SIZE=2][COLOR=#800000]"SELECT * FROM Win32_ProcessStartTrace"[/COLOR][/SIZE][SIZE=2])
[/SIZE][SIZE=2][COLOR=#0000ff]WithEvents[/COLOR][/SIZE][SIZE=2] w [/SIZE][SIZE=2][COLOR=#0000ff]As [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]New[/COLOR][/SIZE][SIZE=2] ManagementEventWatcher(q)
[/SIZE][SIZE=2][COLOR=#0000ff]Private [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub[/COLOR][/SIZE][SIZE=2] Form1_Load([/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2] sender [/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2] System.Object, [/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2] e [/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2] System.EventArgs) [/SIZE][SIZE=2][COLOR=#0000ff]Handles [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]MyBase[/COLOR][/SIZE][SIZE=2].Load[/SIZE]
[SIZE=2][COLOR=green]'start subscribing to the WMI event[/COLOR]
[/SIZE][SIZE=2]w.Start()
[/SIZE][SIZE=2][COLOR=#0000ff]End [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub
[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Private [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub[/COLOR][/SIZE][SIZE=2] Form1_FormClosing([/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2] sender [/SIZE][SIZE=2][COLOR=#0000ff]As [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Object[/COLOR][/SIZE][SIZE=2], [/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2] e [/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2] System.Windows.Forms.FormClosingEventArgs) [/SIZE][SIZE=2][COLOR=#0000ff]Handles [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Me[/COLOR][/SIZE][SIZE=2].FormClosing[/SIZE]
[SIZE=2][SIZE=2][COLOR=green]'stop subscribing to the WMI event[/COLOR]
[/SIZE]w.Stop()
[/SIZE][SIZE=2][COLOR=#0000ff]End [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub
[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Private [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub[/COLOR][/SIZE][SIZE=2] ProcStartEventArrived([/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2] sender [/SIZE][SIZE=2][COLOR=#0000ff]As [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Object[/COLOR][/SIZE][SIZE=2], [/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2] e [/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2] EventArrivedEventArgs) [/SIZE][SIZE=2][COLOR=#0000ff]Handles[/COLOR][/SIZE][SIZE=2] w.EventArrived
[/SIZE][SIZE=2][COLOR=#008000]'Get the Event object and display it, this will list all properties and values of the [COLOR=green]Win32_ProcessStartTrace for each process started[/COLOR]
[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]For [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Each[/COLOR][/SIZE][SIZE=2] pd [/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2] PropertyData [/SIZE][SIZE=2][COLOR=#0000ff]In[/COLOR][/SIZE][SIZE=2] e.NewEvent.Properties
TextBox1.Text += pd.Name & [/SIZE][SIZE=2][COLOR=#800000]" "[/COLOR][/SIZE][SIZE=2] & pd.Value & Environment.NewLine
[/SIZE][SIZE=2][COLOR=#0000ff]Next
[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]End [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub
[/COLOR][/SIZE]You can also access the properties directly with for instance:
e.NewEvent("ProcessName") which will tell the value (process name)
Another issue worth mentioning is that I have experienced this to stop responding to process start events, had to restart the pc for it to work again, this seems to be a known bug.
Hi
Hi, i testing code and not working for me in release or debug mode, Any idea ?
You can send me zip url when code is working ?
I have VS.NET 2003 and Netframework 1.1
i really need this code.
Thank you again for you time.
Hi, i testing code and not working for me in release or debug mode, Any idea ?
You can send me zip url when code is working ?
I have VS.NET 2003 and Netframework 1.1
i really need this code.
Thank you again for you time.
Well, it's not working in VS2003 for me either, only in VS2005 Express - and there it is not working in debugger, only with the final .exe.
(And there is the problem of "loosing" the event, as told ... ?!?! whats more?
)
The code is exactly as typed above, just added multiline TextBox1 to a fresh Windows Application project.
[EDIT: also added reference to system.management and imported namespace system.management]
I will search the web some to see if there is better solutions/hacks, I know there is lots of problems with WMI in general, especially the events.
(And there is the problem of "loosing" the event, as told ... ?!?! whats more?
)The code is exactly as typed above, just added multiline TextBox1 to a fresh Windows Application project.
[EDIT: also added reference to system.management and imported namespace system.management]
I will search the web some to see if there is better solutions/hacks, I know there is lots of problems with WMI in general, especially the events.
Last edited:
It's not possible to use a standard VS05 class library in VS03.
I created a class library to test with a VS05 project, and it work the same as the code directly in project - no go in debugger - ok with .exe.
Then I was thinking that a COM Type Library is compatible with "all languages", and added some code to the class library for this (Type Library template is not available in VS05 Express..) with help of this article:
http://www.codeproject.com/vb/net/MusaExposingCOM.asp
I used "regasm ProcessStartTrace.dll /tlb: ProcessStartTrace.tlb" to generate and register a type library from the dll.
(Even set a strong name for the dll and sent it to GAC with Gacutil in the try).
Alas, now trying to add reference in VS03 to my COM Type Library results in an error message saying that it can't convert the Type Library to a .Net assembly, because it was previously exported from a CLR assembly and can't be re-imported to a CLR assembly. (?)
There could be something wrong with my VS05 class library written to comply to COM Type library, but I have a hard time verifying this.
I actually now try to check this with Windows Scripting Host (using tlb progID), but have to restart the machine because I found out the freaking WMI Event froze up again... Also using type library events in scripting is not very easy!
As for other solutions,
- VS05 Express is free and viable for you to upgrade.
- You could help with info on getting this class to work as a type library in VS03, I really think this should work...
- I've seen other WMI code for process start event, but they looked more like hacks into ManagementEventWatcher, will see if I find again and try.
[restart :]
I created a class library to test with a VS05 project, and it work the same as the code directly in project - no go in debugger - ok with .exe.
Then I was thinking that a COM Type Library is compatible with "all languages", and added some code to the class library for this (Type Library template is not available in VS05 Express..) with help of this article:
http://www.codeproject.com/vb/net/MusaExposingCOM.asp
I used "regasm ProcessStartTrace.dll /tlb: ProcessStartTrace.tlb" to generate and register a type library from the dll.
(Even set a strong name for the dll and sent it to GAC with Gacutil in the try).
Alas, now trying to add reference in VS03 to my COM Type Library results in an error message saying that it can't convert the Type Library to a .Net assembly, because it was previously exported from a CLR assembly and can't be re-imported to a CLR assembly. (?)
There could be something wrong with my VS05 class library written to comply to COM Type library, but I have a hard time verifying this.
I actually now try to check this with Windows Scripting Host (using tlb progID), but have to restart the machine because I found out the freaking WMI Event froze up again... Also using type library events in scripting is not very easy!
As for other solutions,
- VS05 Express is free and viable for you to upgrade.
- You could help with info on getting this class to work as a type library in VS03, I really think this should work...
- I've seen other WMI code for process start event, but they looked more like hacks into ManagementEventWatcher, will see if I find again and try.
[restart :]
Last edited:
Doing some more debugging and testing with the original code, I have managed to make progress.
What looks to be a problem in VS2003 is accessing all the different properties of Win32_ProcessStartTrace, ProcessName works fine even when debugging.
(With VS2005 all properties are fine in release build, but for debugging does not work even when limiting to ProcessName.)
I have attached a working VS2003 project.
What looks to be a problem in VS2003 is accessing all the different properties of Win32_ProcessStartTrace, ProcessName works fine even when debugging.
(With VS2005 all properties are fine in release build, but for debugging does not work even when limiting to ProcessName.)
I have attached a working VS2003 project.
JohnH
JohnH, You are the expert man.
I searching this help in all internet areas and not have result.
This code working very cool man.
I go extend now this code for my proyect, very thank you.
I need get Name the process ID
PID i can get using : ProcessID
TextBox1.Text += e.NewEvent("ProcessID") & Environment.NewLine
you know for what not working ?
JohnH, You are the expert man.
I searching this help in all internet areas and not have result.
This code working very cool man.
I go extend now this code for my proyect, very thank you.
I need get Name the process ID
PID i can get using : ProcessID
TextBox1.Text += e.NewEvent("ProcessID") & Environment.NewLine
you know for what not working ?
Last edited:
No, I can't get any other property value than ProcessName out of it in VS2003.
All property names list, but WMI query seems to hang when trying to get the value.
Of course I find this strange, since I get them from .Net 2.0 - I may be misunderstanding (again) but thought WMI was system-based and not Framework based...
You could try combining the ProcessName info you get from the event with the Framework class Process (and it's method GetProcessesByName) to investigate further, you'll find it in System.Diagnostics Namespace.
All property names list, but WMI query seems to hang when trying to get the value.
Of course I find this strange, since I get them from .Net 2.0 - I may be misunderstanding (again) but thought WMI was system-based and not Framework based...
You could try combining the ProcessName info you get from the event with the Framework class Process (and it's method GetProcessesByName) to investigate further, you'll find it in System.Diagnostics Namespace.
VB.Net 2005
hi man, again here.
I make in VB.NET 2005 Profesional Release and have this problem when compile code.
A first chance exception of type 'System.InvalidOperationException' occurred in System.Windows.Forms.dll
And never look new process.
You have any idea ?
Please post you VB.Net 2005 Code, maybe problem is different.
Thank you.
Happy Holidays.
JohnH said:
hi man, again here.
I make in VB.NET 2005 Profesional Release and have this problem when compile code.
A first chance exception of type 'System.InvalidOperationException' occurred in System.Windows.Forms.dll
And never look new process.
You have any idea ?
Please post you VB.Net 2005 Code, maybe problem is different.
Thank you.
Happy Holidays.
Similar threads
- Solved
- Question
- Solved
