Can I get the ExecutablePath from a System.Management.EventArrivedEventArgs object?

Question

I'm using a System.Management.ManagementEventWatcher to get the process ID and executable path for a started process:

private void startWatcher_EventArrived(Object sender, EventArrivedEventArgs e)
{
    String processID = e.NewEvent.Properties["ProcessID"].Value.ToString();

    var searcher = new ManagementObjectSearcher(new WqlObjectQuery(String.Format("Select ExecutablePath from Win32_Process where ProcessID = {0}", processID)));

    ManagementObject managementObject = null;
    foreach (ManagementObject obj in searcher.Get())
    {
        managementObject = obj;
        break;
    }

    Console.WriteLine(managementObject["ExecutablePath"]);
}

Using this WQL Query:

Select ExecutablePath from Win32_ProcessStartTrace

Is there a way that I can avoid doing the object search, but still get the ExecutionPath, using what is already available in the EventArrivedEventArgs object?

All I really need is the ProcessID and the ExecuatblePath for each new process that starts up. Is this the simplest way to get that?

score 2 · Accepted Answer · answered Jan 25 '10 at 19:32

2

No, what you got is as good as it gets. The available properties are listed here...

answered Jan 25 '10 at 19:32

Hans Passant

922,412
146
1,693
2,536

score 0 · Answer 2 · answered Jan 25 '10 at 17:24

0

I believe this article can help you: Using WMI to monitor process creation, deletion and modification in .NET

answered Jan 25 '10 at 17:24

Giorgi

30,270
13
89
125

Can I get the ExecutablePath from a System.Management.EventArrivedEventArgs object?

2 Answers2