Hi,

I'm a total newbie at VB.NET so please bare with me.  I would like to
create a simple service that will log all exe and com files that are
executed but I don't know where to start.

I'm pretty sure I know how to create a Windows Service using VB.NET
2003.  However, I am stuck on the next part.  When a user runs an
application I would like to create a text file that logs the EXE or COM
file name that has been executed.  The text file is a single file and
each entry of EXE or COM will be date/time stamped.

How do I capture the EXE or COM file name that has been run by the
user?

Can someone point me in the right direction?

Thanks.

Hi,

        I have not tried this in a windows service but you can use the wmi
to be notified when an application is started. It appears that if you list
the running process with the wmi the last one on the list is the one that
just started.  You need to add a reference to system.management.  Hope this
helps.

Imports System.Management

Public Class Form1
    Dim WithEvents w As ManagementEventWatcher
    Dim q As WqlEventQuery
    Delegate Sub LoadList()

    Private Sub Form1_FormClosing(ByVal sender As Object, ByVal e As
System.Windows.Forms.FormClosingEventArgs) Handles Me.FormClosing
        w.Stop()
    End Sub

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
        Try
            q = New WqlEventQuery
            q.QueryString = "SELECT * FROM" & _
                        " __InstanceCreationEvent WITHIN 1 " & _
                        "WHERE TargetInstance isa ""Win32_Process"""
            w = New ManagementEventWatcher(q)
            w.Start()
        Catch ex As Exception
            Trace.WriteLine(ex.ToString)
        End Try
        LoadDriveList()
    End Sub

    Private Sub LoadDriveList()
        ListBox1.Items.Clear()
        Dim moReturn As Management.ManagementObjectCollection
        Dim moSearch As Management.ManagementObjectSearcher
        Dim mo As Management.ManagementObject

        moSearch = New Management.ManagementObjectSearcher("Select * from
Win32_Process")

        moReturn = moSearch.Get
        For Each mo In moReturn
            ListBox1.Items.Add(mo("Name").ToString)
        Next

    End Sub

    Private Sub w_EventArrived(ByVal sender As Object, ByVal e As
System.Management.EventArrivedEventArgs) Handles w.EventArrived
        For Each p As Process In Process.GetProcesses
            Trace.WriteLine(p.MainWindowTitle)
        Next
        ListBox1.Invoke(New LoadList(AddressOf LoadDriveList))
    End Sub
End Class


Ken
-----------------------
<gerard.me***@gmail.com> wrote in message
Show quoteHide quote

Thanks Ken.  I get "Namespace or type 'management' for the Imports
'System.management' cannot be found." as an error message.

I'm using VB.Net 2003 with .Net Framework 1.1

Have I missed something here?

Hi,

        You need to add a reference to system.management for the application
to work.  Right click on references in the solution explorer and select add
reference

Ken
------------------

Show quoteHide quote

Create application to extract data from excel sheet
How can we mail some file without mentioning the SMTP server addre
Treeview population directly from MSAccess
Macros too slow !
Datagrid with comboboxes
storing mysql data to a random access file
debug problem
Excel.application
How to have the same info on two menus
Error Message