Revize ad51fa1a
Přidáno uživatelem Pultak před asi 2 roky(ů)
ld_client/LDClient/detection/ProcessDetection.cs | ||
---|---|---|
1 |
using System; |
|
2 |
using System.Collections.Generic; |
|
3 |
using System.Diagnostics; |
|
4 |
using System; |
|
5 |
using System.Management; |
|
6 |
|
|
7 |
namespace LDClient.detection { |
|
8 |
public class ProcessDetection : IDetection { |
|
9 |
|
|
10 |
private const string ProcessStartQuery = "SELECT * FROM Win32_ProcessStartTrace"; |
|
11 |
private const string ProcessStopQuery = "SELECT * FROM Win32_ProcessStopTrace"; |
|
12 |
|
|
13 |
private ManagementEventWatcher _stopWatch; |
|
14 |
|
|
15 |
private bool _isRunning; |
|
16 |
|
|
17 |
private readonly string _processName; |
|
18 |
private readonly uint _detectionPeriod; |
|
19 |
private bool _processActive; |
|
20 |
public ProcessDetection(string processName, uint detectionPeriod) { |
|
21 |
this._processName = processName; |
|
22 |
this._detectionPeriod = detectionPeriod; |
|
23 |
} |
|
24 |
|
|
25 |
|
|
26 |
public void DetectAsync() { |
|
27 |
var processes = Process.GetProcessesByName(_processName); |
|
28 |
Program.DefaultLogger.Info($"Found {processes.Length} processes with name: {_processName}"); |
|
29 |
var processFound = false; |
|
30 |
foreach (var process in processes) { |
|
31 |
if (process.ProcessName.Equals(_processName)) { |
|
32 |
if (!_processActive) { |
|
33 |
Program.DefaultLogger.Info($"Process started: {_processName}"); |
|
34 |
} |
|
35 |
_processActive = true; |
|
36 |
processFound = true; |
|
37 |
break; |
|
38 |
} |
|
39 |
Console.WriteLine(process); |
|
40 |
} |
|
41 |
|
|
42 |
if (!processFound) { |
|
43 |
if (_processActive) { |
|
44 |
Program.DefaultLogger.Info($"Process stopped: {_processName}"); |
|
45 |
} |
|
46 |
_processActive = false; |
|
47 |
} |
|
48 |
} |
|
49 |
|
|
50 |
|
|
51 |
public void RunPeriodicDetection() { |
|
52 |
|
|
53 |
Program.DefaultLogger.Info("Process periodic detector has started"); |
|
54 |
_isRunning = true; |
|
55 |
while (_isRunning) { |
|
56 |
DetectAsync(); |
|
57 |
Thread.Sleep((int)_detectionPeriod); |
|
58 |
} |
|
59 |
} |
|
60 |
|
|
61 |
public void StopPeriodicDetection() { |
|
62 |
_isRunning = false; |
|
63 |
} |
|
64 |
|
|
65 |
|
|
66 |
public void RegisterProcessListeners() { |
|
67 |
ManagementEventWatcher startWatch = new ManagementEventWatcher( |
|
68 |
new WqlEventQuery(ProcessStartQuery)); |
|
69 |
startWatch.EventArrived += startWatch_EventArrived; |
|
70 |
startWatch.Start(); |
|
71 |
|
|
72 |
_stopWatch = new ManagementEventWatcher( |
|
73 |
new WqlEventQuery(ProcessStopQuery)); |
|
74 |
_stopWatch.EventArrived += stopWatch_EventArrived; |
|
75 |
_stopWatch.Start(); |
|
76 |
} |
|
77 |
|
|
78 |
void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) { |
|
79 |
var processName = e.NewEvent.Properties["ProcessName"].Value.ToString(); |
|
80 |
if (processName.Equals(_processName + ".exe")) { |
|
81 |
Program.DefaultLogger.Info($"Process stopped: {processName}"); |
|
82 |
} |
|
83 |
} |
|
84 |
|
|
85 |
void startWatch_EventArrived(object sender, EventArrivedEventArgs e) { |
|
86 |
var processName = e.NewEvent.Properties["ProcessName"].Value.ToString(); |
|
87 |
if (processName.Equals(_processName + ".exe")) { |
|
88 |
Program.DefaultLogger.Info($"Process started: {processName}"); |
|
89 |
} |
|
90 |
} |
|
91 |
} |
|
92 |
} |
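Review bot: The two WMI handlers (`stopWatch_EventArrived`, `startWatch_EventArrived`) compare with `processName.Equals(_processName + ".exe")`, which is ordinal and case-sensitive, so an image whose name differs only in case produces no start/stop log entry; `string.Equals(processName, _processName + ".exe", StringComparison.OrdinalIgnoreCase)` matches how Windows treats file names. The same applies to `process.ProcessName.Equals(_processName)` in `DetectAsync`. Both handlers also call `.Value.ToString()` unguarded, so a null property value would throw on the watcher's callback thread; a `?.ToString()` followed by a null check avoids that. In `DetectAsync` the `Process` objects returned by `GetProcessesByName` are never disposed, so they accumulate on every polling cycle, and `Console.WriteLine(process)` looks like leftover debug output. `RunPeriodicDetection` reads `_isRunning` without `volatile` or other synchronization while `StopPeriodicDetection` is presumably called from another thread, and `(int)_detectionPeriod` turns values above `int.MaxValue` into a negative timeout for `Thread.Sleep`.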
re #9433 Added possible detection by process name