Archives
-
Using WMI to monitor process creation, deletion and modification in .NET
WMI is a powerful tool and I have just recently discovered some of its power. Previously I though the only way to detect process creation was by creating a windows hook but now I know it is fairly simple to due with .NET using the Windows.Management namespace. Below is simple ProcessWatcher class that has events that are triggered when a process is created, deleted or modified. Enjoy!