最近看到一個考試系統,有個功能是用來監視進程的。一旦發現如 Communicator.exe 這樣的違禁軟件就立即殺死進程并上報給服務器。我稍微研究了一下,這個功能實現起來其實很簡單。就是使用 ManagementObjectSearcher 獲取進程列表,然后放在一個 Collection 里,之后就可以按照自己的邏輯去做了。
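namespace ConsoleApplication3
{
    /// <summary>
    /// Console sample that lists running processes through WMI (Win32_Process), then looks
    /// for the names on a fixed ban list and terminates the processes it finds.
    /// </summary>
    /// <remarks>
    /// Identification relies solely on the Name property reported by Win32_Process, so this
    /// is a best-effort monitor rather than an enforcement boundary: a program running under
    /// a different image name is not matched, and every process that shares a listed name is
    /// terminated. The sample only detects and terminates locally; it does no reporting.
    /// </remarks>
    class Program
    {
        // Single WQL query shared by all three methods. The process name is never placed
        // into the query text; filtering happens client-side, so no WQL escaping is needed.
        private const string ProcessQuery = "SELECT * FROM Win32_Process";

        /// <summary>
        /// Prints the process list and the ban list, then detects and terminates banned processes.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Show Process List
            Console.WriteLine("===========Process List===========");
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(ProcessQuery))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                foreach (ManagementObject item in objects)
                {
                    // WMI objects wrap COM resources; release each one as soon as it is printed.
                    using (item)
                    {
                        // Console.WriteLine(object) prints an empty line for a null Name
                        // instead of throwing.
                        Console.WriteLine(item["Name"]);
                    }
                }
            }

            // Create Ban List
            Console.WriteLine("===========Ban List===========");
            string lst = "Communicator.exe,POWERPNT.exe,notepad.exe";
            // The listing as published had typographic quotes around the comma, which does not compile.
            string[] bannedProc = lst.Split(',');
            foreach (string s in bannedProc)
            {
                Console.WriteLine(s);
            }

            // Search and Destroy
            Console.WriteLine("===========Search and Destroy===========");
            Console.WriteLine("Searching for banned process...");
            int count = 0;
            foreach (string item in bannedProc)
            {
                if (DetectProcess(item))
                {
                    count++;
                    Console.WriteLine("Process [{0}] Detected!", item);
                    bool killed = KillProcess(item);
                    Console.WriteLine("[{0}] was killed {1}.", item, killed ? "Successfully" : "Unsucessfully");
                }
            }
            Console.WriteLine("Done, {0} banned process found", count);
        }

        /// <summary>
        /// Reports whether at least one running process has the given image name.
        /// </summary>
        /// <param name="pProcessName">Image name to look for, e.g. "notepad.exe"; surrounding
        /// whitespace and letter case are ignored.</param>
        /// <returns><c>true</c> when a matching process exists; <c>false</c> otherwise, including
        /// when <paramref name="pProcessName"/> is null or blank.</returns>
        protected static bool DetectProcess(string pProcessName)
        {
            if (pProcessName == null || pProcessName.Trim().Length == 0)
            {
                return false;
            }

            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(ProcessQuery))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                foreach (ManagementObject item in objects)
                {
                    using (item)
                    {
                        if (NameMatches(item["Name"], pProcessName))
                        {
                            return true;
                        }
                    }
                }
            }
            return false;
        }

        /// <summary>
        /// Terminates every running process whose image name matches the given name.
        /// </summary>
        /// <param name="pProcessName">Image name to terminate; surrounding whitespace and letter
        /// case are ignored.</param>
        /// <returns><c>true</c> only when at least one process matched and every Terminate call
        /// returned 0 (success); <c>false</c> when nothing matched or any call reported a
        /// non-zero code, for example because the caller lacks rights over that process.</returns>
        /// <remarks>
        /// InvokeMethod can still throw if a process exits between enumeration and the call;
        /// that exception is left to propagate, as in the original listing.
        /// </remarks>
        public static bool KillProcess(string pProcessName)
        {
            if (pProcessName == null || pProcessName.Trim().Length == 0)
            {
                return false;
            }

            bool matched = false;
            bool allTerminated = true;
            // Exit-code argument for Win32_Process.Terminate, passed as in the original listing.
            string[] terminateArgs = new string[] { "0" };

            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(ProcessQuery))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                foreach (ManagementObject item in objects)
                {
                    using (item)
                    {
                        if (!NameMatches(item["Name"], pProcessName))
                        {
                            continue;
                        }

                        // Keep going after the first hit: a banned program may have several
                        // instances, and stopping early would leave the rest running.
                        matched = true;
                        object result = item.InvokeMethod("Terminate", terminateArgs);
                        if (result == null || Convert.ToUInt32(result) != 0)
                        {
                            allTerminated = false;
                        }
                    }
                }
            }
            return matched && allTerminated;
        }

        // Compares a WMI Name value with the requested name, ignoring case and padding.
        // Ordinal comparison keeps the result independent of the current culture; ToUpper()
        // maps 'i' differently under some cultures and could miss a match.
        private static bool NameMatches(object wmiName, string pProcessName)
        {
            if (wmiName == null)
            {
                return false;
            }
            return string.Equals(wmiName.ToString().Trim(), pProcessName.Trim(), StringComparison.OrdinalIgnoreCase);
        }
    }
}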