Created
August 24, 2016 14:47
-
-
Save strictlymike/46d717a929e38460b5774476878db125 to your computer and use it in GitHub Desktop.
Quick and dirty copy-pasta process tracing systray app for the curious and paranoid
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Drawing; | |
| using System.Management; | |
| using System.Windows.Forms; | |
| namespace MyTrayApp | |
| { | |
| public class SysTrayApp : Form | |
| { | |
| [STAThread] | |
| public static void Main() | |
| { | |
| SysTrayApp app = new SysTrayApp(); | |
| ManagementEventWatcher startWatch = new ManagementEventWatcher( | |
| new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace")); | |
| startWatch.EventArrived += new EventArrivedEventHandler(app.NotifyProcessStart); | |
| startWatch.Start(); | |
| Application.Run(app); | |
| } | |
| private NotifyIcon trayIcon; | |
| private ContextMenu trayMenu; | |
| public void NotifyProcessStart(object sender, EventArrivedEventArgs e) | |
| { | |
| string name = (string)e.NewEvent.Properties["ProcessName"].Value; | |
| string path = name; | |
| const int timeout = 8; | |
| try { | |
| Console.WriteLine("PID: {0}", e.NewEvent.Properties["ProcessID"].Value); | |
| Process p = Process.GetProcessById(Convert.ToInt32(e.NewEvent.Properties["ProcessID"].Value)); | |
| path = p.MainModule.FileName; | |
| trayIcon.ShowBalloonTip(timeout, "New Process", name + " (" + path + ")", ToolTipIcon.Info); | |
| } catch (Exception) { | |
| trayIcon.ShowBalloonTip(timeout, "New Process", name + " (exited immediately)", ToolTipIcon.Info); | |
| } | |
| } | |
| public SysTrayApp() | |
| { | |
| trayMenu = new ContextMenu(); | |
| trayMenu.MenuItems.Add("Exit", OnExit); | |
| trayIcon = new NotifyIcon(); | |
| trayIcon.Text = "MyTrayApp"; | |
| trayIcon.Icon = new Icon(SystemIcons.Application, 40, 40); | |
| trayIcon.ContextMenu = trayMenu; | |
| trayIcon.Visible = true; | |
| } | |
| protected override void OnLoad(EventArgs e) | |
| { | |
| Visible = false; | |
| ShowInTaskbar = false; | |
| base.OnLoad(e); | |
| } | |
| private void OnExit(object sender, EventArgs e) | |
| { | |
| Application.Exit(); | |
| } | |
| protected override void Dispose(bool isDisposing) | |
| { | |
| if (isDisposing) { trayIcon.Dispose(); } | |
| base.Dispose(isDisposing); | |
| } | |
| } | |
| } |
Love the code and it's so neat. Good job.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Easier than the event log notification/scraper I was going to write, and gives me a quick idea of what is happening. TODO: add parentage, arguments, etc., etc.