How to Use system management c# to check application launch

Question

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Management;
using System.Management.Instrumentation;

namespace app_
{

    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            WMIEvent we = new WMIEvent();
            ManagementEventWatcher w = null;
            WqlEventQuery q;
            try
            {
                q = new WqlEventQuery();
                q.EventClassName = "Win32_ProcessStartTrace";
                w = new ManagementEventWatcher(q);
                w.EventArrived += new EventArrivedEventHandler(we.ProcessStartEventArrived);
                w.Start();
                Console.ReadLine(); // block main thread for test purposes
            }
            finally
            {
                w.Stop();
            }
        }

        public void ProcessStartEventArrived(object sender, EventArrivedEventArgs e)
        {
            foreach (PropertyData pd in e.NewEvent.Properties)
            {
                Console.WriteLine("\n============================= =========");
                Console.WriteLine("{0},{1},{2}", pd.Name, pd.Type, pd.Value);
            }
        }

    }
}

Answer 1

Hi @MIPAKTEH_1 , Welcome to Microsoft Q&A,

ProcessStartEventArrived is the callback function when a WMI event arrives, but in your code, it does not seem to be correctly associated with the method in the Form1 class.

using System;
using System.Management;
using System.Windows.Forms;

namespace xxx
{
    public partial class Form1 : Form
    {
        private ManagementEventWatcher processStartWatcher;
        public Form1()
        {
            InitializeComponent();
        }
        private void Form1_Load(object sender, EventArgs e)
        {
            StartProcessMonitor();
        }

        private void StartProcessMonitor()
        {
            try
            {
                var query = new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace");
                processStartWatcher = new ManagementEventWatcher(query);
                processStartWatcher.EventArrived += ProcessStartEventArrived;
                processStartWatcher.Start();

                Console.WriteLine("Monitoring process start events...");
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Monitor start failed: {ex.Message}");
            }
        }

        private void ProcessStartEventArrived(object sender, EventArrivedEventArgs e)
        {
            string processName = e.NewEvent.Properties["ProcessName"]?.Value?.ToString() ?? "Unknown process";
            string processID = e.NewEvent.Properties["ProcessID"]?.Value?.ToString() ?? "Unknown PID";

            // Output to console
            Console.WriteLine($"A new process was detected: process name = {processName}, process ID = {processID}");
        }

        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            StopProcessMonitor();
        }

        private void StopProcessMonitor()
        {
            if (processStartWatcher != null)
            {
                processStartWatcher.Stop();
                processStartWatcher.Dispose();
                processStartWatcher = null;
            }
            Console.WriteLine("The monitor has stopped.");
        }
    }
}

Best Regards,

Jiale

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.