NET(C#)使用WMI事件查询实现对进程和可移动磁盘的监控

转自:http://www.cnblogs.com/mgen/archive/2011/09/26/2192033.html

 

 

NET(C#)使用WMI事件查询实现对进程和可移动磁盘的监控

目录

• 进程启动或结束监控
• 可移动磁盘插入或删除监控

 

 

 

返回目录

进程启动或结束监控

 

 

代码：

        //注意：引用System.Management.dll 和 using System.Management;

        static void Main(string[] args)

        {

            //创建WQL事件查询，用于实例创建

            var qCreate = new WqlEventQuery("__InstanceCreationEvent",

                TimeSpan.FromSeconds(1),  //WHTHIN = 1

                "TargetInstance ISA 'Win32_Process'");

            //创建WQL事件查询，用于实例删除

            var qDelete = new WqlEventQuery("__InstanceDeletionEvent",

                TimeSpan.FromSeconds(1),  //WHTHIN = 1

                "TargetInstance ISA 'Win32_Process'");

 

            //创建事件查询的侦听器（ManagementEventWatcher）

            var wCreate = new ManagementEventWatcher(qCreate);

            var wDelete = new ManagementEventWatcher(qDelete);

 

            //事件注册代码

            wCreate.EventArrived += (sender, e) =>

                {

                    Console.WriteLine("运行：{0}", GetInfo(e.NewEvent));

                };

            wDelete.EventArrived += (sender, e) =>

                {

                    Console.WriteLine("关闭：{0}", GetInfo(e.NewEvent));

                };

 

            //异步开始侦听

            wCreate.Start();

            wDelete.Start();

 

            Console.WriteLine("按任意键停止监控");

            Console.ReadKey(true);

        }

 

        //输出事件对应的ManagementBaseObject（本例中的Win32_Process实例）的信息

        static string GetInfo(ManagementBaseObject mobj)

        {

            var instance = (ManagementBaseObject)mobj["TargetInstance"];

            return string.Format("{0} - {1}", instance["Name"], DateTime.Now);

        }

 

 

 

返回目录

可移动磁盘插入或删除监控

 

代码：

        //注意：引用System.Management.dll 和 using System.Management;

        static void Main(string[] args)

        {

            //创建WQL事件查询，用于实例创建

            //加入条件判断 TargetInstance.DriveType = 2

            //代表判断Win32_LogicalDisk.DriveType属性，2则代表可移动磁盘

            var qCreate = new WqlEventQuery("__InstanceCreationEvent",

                TimeSpan.FromSeconds(1),

                "TargetInstance ISA 'Win32_LogicalDisk' AND TargetInstance.DriveType = 2");

            //创建WQL事件查询，用于实例删除

            var qDelete = new WqlEventQuery("__InstanceDeletionEvent",

                TimeSpan.FromSeconds(1),

                "TargetInstance ISA 'Win32_LogicalDisk' AND TargetInstance.DriveType = 2");

 

            //创建事件查询的侦听器（ManagementEventWatcher）

            var wCreate = new ManagementEventWatcher(qCreate);

            var wDelete = new ManagementEventWatcher(qDelete);

 

            //事件注册代码

            wCreate.EventArrived += (sender, e) =>

                {

                    Console.WriteLine("接入可移动磁盘：{0}", GetInfo(e.NewEvent));

                };

            wDelete.EventArrived += (sender, e) =>

                {

                    Console.WriteLine("拔出可移动磁盘：{0}", GetInfo(e.NewEvent));

                };

 

            //异步开始侦听

            wCreate.Start();

            wDelete.Start();

 

            Console.WriteLine("按任意键停止监控");

            Console.ReadKey(true);

        }

 

        //输出事件对应的ManagementBaseObject（本例中的Win32_LogicalDisk实例）的信息

        static string GetInfo(ManagementBaseObject mobj)

        {

            var instance = (ManagementBaseObject)mobj["TargetInstance"];

            return string.Format("{0} - {1}", instance["Name"], DateTime.Now);

        }