我可以从 System.Management.EventArrivedEventArgs 对象获取 ExecutablePath 吗？

发布于 2024-08-19 06:47:26 字数 879 浏览 4 评论 0原文

我正在使用 System.Management.ManagementEventWatcher 来获取已启动进程的进程 ID 和可执行路径：

private void startWatcher_EventArrived(Object sender, EventArrivedEventArgs e)
{
    String processID = e.NewEvent.Properties["ProcessID"].Value.ToString();

    var searcher = new ManagementObjectSearcher(new WqlObjectQuery(String.Format("Select ExecutablePath from Win32_Process where ProcessID = {0}", processID)));

    ManagementObject managementObject = null;
    foreach (ManagementObject obj in searcher.Get())
    {
        managementObject = obj;
        break;
    }

    Console.WriteLine(managementObject["ExecutablePath"]);
}

使用此 WQL 查询：

从中选择可执行路径 Win32_ProcessStartTrace

有没有一种方法可以避免进行对象搜索，但仍然使用 EventArrivedEventArgs 对象中已有的内容来获取 ExecutionPath？

我真正需要的是每个启动的新进程的 ProcessID 和 ExecuatblePath。这是最简单的方法吗？

原文

I'm using a System.Management.ManagementEventWatcher to get the process ID and executable path for a started process:

private void startWatcher_EventArrived(Object sender, EventArrivedEventArgs e)
{
    String processID = e.NewEvent.Properties["ProcessID"].Value.ToString();

    var searcher = new ManagementObjectSearcher(new WqlObjectQuery(String.Format("Select ExecutablePath from Win32_Process where ProcessID = {0}", processID)));

    ManagementObject managementObject = null;
    foreach (ManagementObject obj in searcher.Get())
    {
        managementObject = obj;
        break;
    }

    Console.WriteLine(managementObject["ExecutablePath"]);
}

Using this WQL Query:

Select ExecutablePath from
Win32_ProcessStartTrace

Is there a way that I can avoid doing the object search, but still get the ExecutionPath, using what is already available in the EventArrivedEventArgs object?

All I really need is the ProcessID and the ExecuatblePath for each new process that starts up. Is this the simplest way to get that?

分享到QQ

分享到微博