最近看到一个考试系统,有个功能是用来监视进程的。一旦发现如Communicator.exe这样的违禁软件就立即杀死进程并上报给服务器。我稍 微研究了一下,这个功能实现起来其实很简单。就是使用ManagementObjectSearcher获取进程列表,然后放在一个Collection 里,之后就可以按照自己的逻辑去做了。
namespace ConsoleApplication3
{
class Program
{
static void Main(string[] args)
{
// Show Process List
Console.WriteLine("===========Process List===========");
ManagementObjectCollection objects = new ManagementObjectSearcher("SELECT * FROM Win32_Process").Get();
foreach (ManagementObject item in objects)
{
Console.WriteLine((item["Name"].ToString()));
}
// Create Ban List
Console.WriteLine("===========Ban List===========");
string lst = "Communicator.exe,POWERPNT.exe,notepad.exe";
string[] bannedProc = lst.Split(‘,‘);
foreach (string s in bannedProc)
{
Console.WriteLine(s);
}
// Search and Destroy
Console.WriteLine("===========Search and Destroy===========");
Console.WriteLine("Searching for banned process...");
int count = 0;
foreach (string item in bannedProc)
{
if (DetectProcess(item))
{
count++;
Console.WriteLine("Process [{0}] Detected!", item);
Console.WriteLine("[{0}] was killed {1}.", item, KillProcess(item) ? "Successfully" : "Unsucessfully");
}
}
Console.WriteLine("Done, {0} banned process found", count);
}
protected static bool DetectProcess(string pProcessName)
{
ManagementObjectCollection objects = new ManagementObjectSearcher("SELECT * FROM Win32_Process").Get();
foreach (ManagementObject item in objects)
{
string str = item["Name"].ToString();
if (str.Trim().ToUpper() == pProcessName.Trim().ToUpper())
{
return true;
}
}
return false;
}
public static bool KillProcess(string pProcessName)
{
ManagementObjectCollection objects = new ManagementObjectSearcher("SELECT * FROM Win32_Process").Get();
foreach (ManagementObject item in objects)
{
string str = item["Name"].ToString();
if (str.Trim().ToUpper() == pProcessName.Trim().ToUpper())
{
string[] args = new string[] { "0" };
item.InvokeMethod("Terminate", args);
return true;
}
}
return false;
}
}
}