最近看到一個考試系統,有個功能是用來監視進程的。一旦發現如Communicator.exe這樣的違禁軟體就立即殺死進程並上報給伺服器。我稍 微研究了一下,這個功能實現起來其實很簡單。就是使用ManagementObjectSearcher擷取進程列表,然後放在一個Collection 裡,之後就可以按照自己的邏輯去做了。
複製代碼 代碼如下:using System;
using System.Management;
namespace ConsoleApplication3
{
class Program
{
static void Main(string[] args)
{
// Show Process List
Console.WriteLine("===========Process List===========");
ManagementObjectCollection objects = new ManagementObjectSearcher("SELECT * FROM Win32_Process").Get();
foreach (ManagementObject item in objects)
{
Console.WriteLine((item["Name"].ToString()));
}
// Create Ban List
Console.WriteLine("===========Ban List===========");
string lst = "Communicator.exe,POWERPNT.exe,notepad.exe";
string[] bannedProc = lst.Split(‘,‘);
foreach (string s in bannedProc)
{
Console.WriteLine(s);
}
// Search and Destroy
Console.WriteLine("===========Search and Destroy===========");
Console.WriteLine("Searching for banned process...");
int count = 0;
foreach (string item in bannedProc)
{
if (DetectProcess(item))
{
count++;
Console.WriteLine("Process [{0}] Detected!", item);
Console.WriteLine("[{0}] was killed {1}.", item, KillProcess(item) ? "Successfully" : "Unsucessfully");
}
}
Console.WriteLine("Done, {0} banned process found", count);
}
protected static bool DetectProcess(string pProcessName)
{
ManagementObjectCollection objects = new ManagementObjectSearcher("SELECT * FROM Win32_Process").Get();
foreach (ManagementObject item in objects)
{
string str = item["Name"].ToString();
if (str.Trim().ToUpper() == pProcessName.Trim().ToUpper())
{
return true;
}
}
return false;
}
public static bool KillProcess(string pProcessName)
{
ManagementObjectCollection objects = new ManagementObjectSearcher("SELECT * FROM Win32_Process").Get();
foreach (ManagementObject item in objects)
{
string str = item["Name"].ToString();
if (str.Trim().ToUpper() == pProcessName.Trim().ToUpper())
{
string[] args = new string[] { "0" };
item.InvokeMethod("Terminate", args);
return true;
}
}
return false;
}
}
}
效果如下: