G
Guest
I've a requirement to monitor when certain applications are started. I'm
using WMI called from VS Stusio 2005 in VB to trap Excel and Word starting.
I've written the following console application which wires up 4 events to
trap Excel/Word Start/Stop events. The application works fine for Excel but
Word behaves strangely. When I start an instance of Word I get the correct
message displayed in the console. When I start a second instance of Word I
get the Stop event fired (rather then the Start) - the console looks like
this
after the second instance is started - ie an immediate stop event and stop
message.
press <enter> to stop...
Application=Word, Start, Parent Process Id=324, Process Id=4776
Application=Word, Start, Parent Process Id=324, Process Id=5236
Application=Word, Stop, Parent Process Id=324, Process Id=5236
any help appreciated. The code is attached.
thanks
Imports System
Imports System.Management
Module TaskMonitor
Dim Applications As New ApplicationCollection
Dim WordStartWatcher As ManagementEventWatcher
Dim WordStopWatcher As ManagementEventWatcher
Dim ExcelStartWatcher As ManagementEventWatcher
Dim ExcelStopWatcher As ManagementEventWatcher
Sub Main()
StartWatching()
Console.WriteLine("press <enter> to stop...")
Console.ReadLine()
StopWatching()
End Sub
Private Sub StartWatching()
WordStartWatcher = New
ManagementEventWatcher(GenerateStartQuery("WINWORD.EXE"))
AddHandler WordStartWatcher.EventArrived, AddressOf WordStarted
WordStartWatcher.Start()
WordStopWatcher = New
ManagementEventWatcher(GenerateStopQuery("WINWORD.EXE"))
AddHandler WordStopWatcher.EventArrived, AddressOf WordStopped
WordStopWatcher.Start()
ExcelStartWatcher = New
ManagementEventWatcher(GenerateStartQuery("EXCEL.EXE"))
AddHandler ExcelStartWatcher.EventArrived, AddressOf ExcelStarted
ExcelStartWatcher.Start()
ExcelStopWatcher = New
ManagementEventWatcher(GenerateStopQuery("EXCEL.EXE"))
AddHandler ExcelStopWatcher.EventArrived, AddressOf ExcelStopped
ExcelStopWatcher.Start()
End Sub
Private Sub StopWatching()
WordStartWatcher.Stop()
RemoveHandler WordStartWatcher.EventArrived, AddressOf WordStarted
WordStartWatcher = Nothing
WordStopWatcher.Stop()
RemoveHandler WordStopWatcher.EventArrived, AddressOf WordStopped
WordStopWatcher = Nothing
ExcelStartWatcher.Stop()
RemoveHandler ExcelStartWatcher.EventArrived, AddressOf ExcelStarted
ExcelStartWatcher = Nothing
ExcelStopWatcher.Stop()
RemoveHandler ExcelStopWatcher.EventArrived, AddressOf ExcelStopped
ExcelStopWatcher = Nothing
End Sub
Public Sub WordStarted(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
Applications.Add(e.NewEvent.Properties("ProcessID").Value, New
Word(e.NewEvent.Properties("ParentProcessID").Value,
e.NewEvent.Properties("ProcessID").Value))
Console.WriteLine(String.Concat("Application=Word, Start, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Public Sub WordStopped(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
If
Applications.ContainsKey(e.NewEvent.Properties("ProcessID").Value) Then
Applications.Remove(e.NewEvent.Properties("ProcessID").Value)
End If
Console.WriteLine(String.Concat("Application=Word, Stop, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Public Sub ExcelStarted(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
Applications.Add(e.NewEvent.Properties("ProcessID").Value, New
Word(e.NewEvent.Properties("ParentProcessID").Value,
e.NewEvent.Properties("ProcessID").Value))
Console.WriteLine(String.Concat("Application=Excel, Start, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Public Sub ExcelStopped(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
If
Applications.ContainsKey(e.NewEvent.Properties("ProcessID").Value) Then
Applications.Remove(e.NewEvent.Properties("ProcessID").Value)
End If
Console.WriteLine(String.Concat("Application=Excel, Stop, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Private Function GenerateStartQuery(ByVal ProcessName As String) As
WqlEventQuery
Dim ApplicationStartQuery As New WqlEventQuery
ApplicationStartQuery.EventClassName = "Win32_ProcessStartTrace"
ApplicationStartQuery.QueryString = String.Concat("SELECT * FROM
Win32_ProcessStartTrace where ProcessName = ", """", ProcessName, """")
Return ApplicationStartQuery
End Function
Private Function GenerateStopQuery(ByVal ProcessName As String) As
WqlEventQuery
Dim ApplicationStopQuery As New WqlEventQuery
ApplicationStopQuery.EventClassName = "Win32_ProcessStopTrace"
ApplicationStopQuery.QueryString = String.Concat("SELECT * FROM
Win32_ProcessStopTrace where ProcessName = ", """", ProcessName, """")
Return ApplicationStopQuery
End Function
End Module
using WMI called from VS Stusio 2005 in VB to trap Excel and Word starting.
I've written the following console application which wires up 4 events to
trap Excel/Word Start/Stop events. The application works fine for Excel but
Word behaves strangely. When I start an instance of Word I get the correct
message displayed in the console. When I start a second instance of Word I
get the Stop event fired (rather then the Start) - the console looks like
this
after the second instance is started - ie an immediate stop event and stop
message.
press <enter> to stop...
Application=Word, Start, Parent Process Id=324, Process Id=4776
Application=Word, Start, Parent Process Id=324, Process Id=5236
Application=Word, Stop, Parent Process Id=324, Process Id=5236
any help appreciated. The code is attached.
thanks
Imports System
Imports System.Management
Module TaskMonitor
Dim Applications As New ApplicationCollection
Dim WordStartWatcher As ManagementEventWatcher
Dim WordStopWatcher As ManagementEventWatcher
Dim ExcelStartWatcher As ManagementEventWatcher
Dim ExcelStopWatcher As ManagementEventWatcher
Sub Main()
StartWatching()
Console.WriteLine("press <enter> to stop...")
Console.ReadLine()
StopWatching()
End Sub
Private Sub StartWatching()
WordStartWatcher = New
ManagementEventWatcher(GenerateStartQuery("WINWORD.EXE"))
AddHandler WordStartWatcher.EventArrived, AddressOf WordStarted
WordStartWatcher.Start()
WordStopWatcher = New
ManagementEventWatcher(GenerateStopQuery("WINWORD.EXE"))
AddHandler WordStopWatcher.EventArrived, AddressOf WordStopped
WordStopWatcher.Start()
ExcelStartWatcher = New
ManagementEventWatcher(GenerateStartQuery("EXCEL.EXE"))
AddHandler ExcelStartWatcher.EventArrived, AddressOf ExcelStarted
ExcelStartWatcher.Start()
ExcelStopWatcher = New
ManagementEventWatcher(GenerateStopQuery("EXCEL.EXE"))
AddHandler ExcelStopWatcher.EventArrived, AddressOf ExcelStopped
ExcelStopWatcher.Start()
End Sub
Private Sub StopWatching()
WordStartWatcher.Stop()
RemoveHandler WordStartWatcher.EventArrived, AddressOf WordStarted
WordStartWatcher = Nothing
WordStopWatcher.Stop()
RemoveHandler WordStopWatcher.EventArrived, AddressOf WordStopped
WordStopWatcher = Nothing
ExcelStartWatcher.Stop()
RemoveHandler ExcelStartWatcher.EventArrived, AddressOf ExcelStarted
ExcelStartWatcher = Nothing
ExcelStopWatcher.Stop()
RemoveHandler ExcelStopWatcher.EventArrived, AddressOf ExcelStopped
ExcelStopWatcher = Nothing
End Sub
Public Sub WordStarted(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
Applications.Add(e.NewEvent.Properties("ProcessID").Value, New
Word(e.NewEvent.Properties("ParentProcessID").Value,
e.NewEvent.Properties("ProcessID").Value))
Console.WriteLine(String.Concat("Application=Word, Start, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Public Sub WordStopped(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
If
Applications.ContainsKey(e.NewEvent.Properties("ProcessID").Value) Then
Applications.Remove(e.NewEvent.Properties("ProcessID").Value)
End If
Console.WriteLine(String.Concat("Application=Word, Stop, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Public Sub ExcelStarted(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
Applications.Add(e.NewEvent.Properties("ProcessID").Value, New
Word(e.NewEvent.Properties("ParentProcessID").Value,
e.NewEvent.Properties("ProcessID").Value))
Console.WriteLine(String.Concat("Application=Excel, Start, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Public Sub ExcelStopped(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
If
Applications.ContainsKey(e.NewEvent.Properties("ProcessID").Value) Then
Applications.Remove(e.NewEvent.Properties("ProcessID").Value)
End If
Console.WriteLine(String.Concat("Application=Excel, Stop, Parent
Process Id=", e.NewEvent.Properties("ParentProcessID").Value.ToString, ",
Process Id=", e.NewEvent.Properties("ProcessID").Value.ToString))
End Sub
Private Function GenerateStartQuery(ByVal ProcessName As String) As
WqlEventQuery
Dim ApplicationStartQuery As New WqlEventQuery
ApplicationStartQuery.EventClassName = "Win32_ProcessStartTrace"
ApplicationStartQuery.QueryString = String.Concat("SELECT * FROM
Win32_ProcessStartTrace where ProcessName = ", """", ProcessName, """")
Return ApplicationStartQuery
End Function
Private Function GenerateStopQuery(ByVal ProcessName As String) As
WqlEventQuery
Dim ApplicationStopQuery As New WqlEventQuery
ApplicationStopQuery.EventClassName = "Win32_ProcessStopTrace"
ApplicationStopQuery.QueryString = String.Concat("SELECT * FROM
Win32_ProcessStopTrace where ProcessName = ", """", ProcessName, """")
Return ApplicationStopQuery
End Function
End Module