通过C#捕捉进程开始和结束事件,禁止notepad.exe运行。这比用钩子的代码少多了。但我测试时,偶尔有事件被漏掉的情况。要求不太苛刻的地方,还是可以用用的。
using System;
using System.Management;
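/// <summary>
/// Console sample that subscribes to the WMI process start and stop trace
/// events, logs every event, and terminates any newly started process whose
/// image name matches <see cref="BlockedImageName"/>.
/// </summary>
/// <remarks>
/// The kill is reactive: the process is already running when the start event
/// is delivered, and events can be missed. Matching is by image name only, so
/// this is a monitoring convenience and not an enforcement boundary; use an
/// application control policy (for example AppLocker or WDAC) where execution
/// must actually be prevented.
/// </remarks>
class Process
{
    // Image name that is terminated on start. Compared case-insensitively
    // because Windows file names are case-insensitive ("NOTEPAD.EXE" must match).
    private const string BlockedImageName = "notepad.exe";

    /// <summary>
    /// Starts both watchers, waits for ENTER, then stops and disposes them.
    /// </summary>
    public static void Main()
    {
        // NOTE(review): subscribing to Win32_ProcessStartTrace/StopTrace normally
        // requires an elevated process; confirm for the target environment.
        using (ManagementEventWatcher startWatch = new ManagementEventWatcher(new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace")))
        using (ManagementEventWatcher stopWatch = new ManagementEventWatcher(new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace")))
        {
            startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
            startWatch.Start();
            stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
            stopWatch.Start();

            Console.WriteLine("Press ENTER to exit");
            Console.ReadLine();

            startWatch.Stop();
            stopWatch.Stop();
        }
    }

    /// <summary>Logs the image name carried by a process-stop event.</summary>
    static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e)
    {
        Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
    }

    /// <summary>
    /// Logs a process-start event and kills the process when its image name is
    /// the blocked one. Failures to kill are reported, never thrown, so that one
    /// bad event cannot take the watcher down.
    /// </summary>
    static void startWatch_EventArrived(object sender, EventArrivedEventArgs e)
    {
        object rawName = e.NewEvent.Properties["ProcessName"].Value;
        object rawId = e.NewEvent.Properties["ProcessId"].Value;

        // A missing property value must not crash the event callback.
        string name = rawName == null ? string.Empty : rawName.ToString();
        Console.WriteLine("Process started: {0}", name);

        if (rawId == null || !string.Equals(name, BlockedImageName, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        int id = Convert.ToInt32(rawId);
        try
        {
            using (System.Diagnostics.Process target = System.Diagnostics.Process.GetProcessById(id))
            {
                // The PID may have been recycled between the event and this lookup;
                // re-check the name so an unrelated process is never killed.
                // Process.ProcessName carries no ".exe" extension.
                string expected = System.IO.Path.GetFileNameWithoutExtension(BlockedImageName);
                if (!string.Equals(target.ProcessName, expected, StringComparison.OrdinalIgnoreCase))
                {
                    Console.Error.WriteLine("PID {0} no longer belongs to {1}; not killed", id, name);
                    return;
                }

                target.Kill();
                Console.WriteLine("Killed {0} (PID {1})", name, id);
            }
        }
        catch (ArgumentException)
        {
            // GetProcessById: the process exited before it could be opened.
            Console.Error.WriteLine("PID {0} already exited", id);
        }
        catch (InvalidOperationException)
        {
            // The process exited between lookup and Kill.
            Console.Error.WriteLine("PID {0} already exited", id);
        }
        catch (System.ComponentModel.Win32Exception ex)
        {
            // Typically access denied, e.g. the target runs at a higher privilege level.
            Console.Error.WriteLine("Could not kill PID {0}: {1}", id, ex.Message);
        }
    }
}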