How to create a Service to Log Application Names

G

gerard.mears

Hi,

I'm a total newbie at VB.NET so please bare with me. I would like to
create a simple service that will log all exe and com files that are
executed but I don't know where to start.

I'm pretty sure I know how to create a Windows Service using VB.NET
2003. However, I am stuck on the next part. When a user runs an
application I would like to create a text file that logs the EXE or COM
file name that has been executed. The text file is a single file and
each entry of EXE or COM will be date/time stamped.

How do I capture the EXE or COM file name that has been run by the
user?

Can someone point me in the right direction?

Thanks.
 
K

Ken Tucker [MVP]

Hi,

I have not tried this in a windows service but you can use the wmi
to be notified when an application is started. It appears that if you list
the running process with the wmi the last one on the list is the one that
just started. You need to add a reference to system.management. Hope this
helps.

Imports System.Management

Public Class Form1
Dim WithEvents w As ManagementEventWatcher
Dim q As WqlEventQuery
Delegate Sub LoadList()

Private Sub Form1_FormClosing(ByVal sender As Object, ByVal e As
System.Windows.Forms.FormClosingEventArgs) Handles Me.FormClosing
w.Stop()
End Sub

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Try
q = New WqlEventQuery
q.QueryString = "SELECT * FROM" & _
" __InstanceCreationEvent WITHIN 1 " & _
"WHERE TargetInstance isa ""Win32_Process"""
w = New ManagementEventWatcher(q)
w.Start()
Catch ex As Exception
Trace.WriteLine(ex.ToString)
End Try
LoadDriveList()
End Sub

Private Sub LoadDriveList()
ListBox1.Items.Clear()
Dim moReturn As Management.ManagementObjectCollection
Dim moSearch As Management.ManagementObjectSearcher
Dim mo As Management.ManagementObject

moSearch = New Management.ManagementObjectSearcher("Select * from
Win32_Process")

moReturn = moSearch.Get
For Each mo In moReturn
ListBox1.Items.Add(mo("Name").ToString)
Next

End Sub

Private Sub w_EventArrived(ByVal sender As Object, ByVal e As
System.Management.EventArrivedEventArgs) Handles w.EventArrived
For Each p As Process In Process.GetProcesses
Trace.WriteLine(p.MainWindowTitle)
Next
ListBox1.Invoke(New LoadList(AddressOf LoadDriveList))
End Sub
End Class


Ken
 
G

gedm

Thanks Ken. I get "Namespace or type 'management' for the Imports
'System.management' cannot be found." as an error message.

I'm using VB.Net 2003 with .Net Framework 1.1

Have I missed something here?
 
G

Guest

Hi,

You need to add a reference to system.management for the application
to work. Right click on references in the solution explorer and select add
reference

Ken
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Printing a PDF-File from a Windows Service 1
Newbie - what happen to 'release'? 2
Version Number of a an external application 2
Adding another EXE to a windows service 2
How to use log4net for a windows forms application using COM classes 1
How remove Windows service? 1
Creating an interop dll 1
"Binding" an interface to an object definition in vb.net?? 2

Top