.NET Process Monitor

c# process system

Is there a way to determine when the last time a specific machine last ran a process?

I can use the following to determine if a process is running, but the application cannot grab the process if it has since stopped.

Process[] process = Process.GetProcessesByName(processName, serverName);

WMI provides a way to track processes starting and terminating with the Win32_ProcessTrace classes. Best shown with an example. Start a new Console application, Project + Add Reference, select System.Management. Paste this code:

using System;
using System.Management;

class Process {
  public static void Main() {
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press any key to exit");
    while (!Console.KeyAvailable) System.Threading.Thread.Sleep(50);
    startWatch.Stop();
    stopWatch.Stop();
  }

  static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }

  static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }
}

Edit the manifest so this program runs elevated. Then simply start some programs to see it at work. Beware that it is not especially quick.


You won't be able to do this using the Process class. However, it should be possible to figure out when an application was last run by configuring audit process tracking in Windows. The following links might get you started:

Audit process tracking

How can I track what programs come and go on my machine?

The process tracking will create entries in the Windows event log which you can then access using C#.

Related

'order' of unordered Python sets
Pass a parameter to a content script injected using chrome.tabs.executeScript()
Killing a process using Java
How do you use colspan and rowspan in HTML tables?
Why does InetAddress.isReachable return false, when I can ping the IP address?
HTTPURLConnection Doesn't Follow Redirect from HTTP to HTTPS
How to un-escape a backslash-escaped string?
How to get a float result by dividing two integer values using T-SQL?
Associate File Extension with Application
Find a line in a file and remove it
How do I simulate a mouseover in pure JavaScript that activates the CSS ":hover"?
wait until all threads finish their work in java