最近看到一个考试系统,有个功能是用来监视进程的。一旦发现如Communicator.exe这样的违禁软件就立即杀死进程并上报给服务器。我稍微研究了一下,这个功能实现起来其实很简单。就是使用ManagementObjectSearcher获取进程列表,然后放在一个Collection里,之后就可以按照自己的逻辑去做了。

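下面是一个例子:获取进程列表、创建“违禁”进程名单、查找并杀死进程。注意先要在项目里添加System.Management的引用。另外,本例只按进程映像名(Name)匹配,而文件名并不是可靠的身份标识,实际的监考场景还应结合可执行文件路径、数字签名或哈希等信息;结束其他用户或更高权限的进程时也可能因权限不足而失败,因此应当检查Terminate的返回值。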

using System;
using System.Management;

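namespace ConsoleApplication3
{
    /// <summary>
    /// Console demo of a simple process monitor: lists running processes through WMI,
    /// prints a ban list, then detects and terminates every banned process.
    /// </summary>
    /// <remarks>
    /// Matching is done on the Win32_Process "Name" property (the image file name) only.
    /// A file name is not a trustworthy identity, so a production monitor should also
    /// verify stronger attributes (for example the executable path, a signature or a hash)
    /// before deciding that a process is, or is not, on the ban list.
    /// </remarks>
    class Program
    {
        // WQL query shared by every enumeration of the process table.
        private const string ProcessQuery = "SELECT * FROM Win32_Process";

        /// <summary>
        /// Entry point: prints the process list and the ban list, then kills banned processes.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Show Process List
            Console.WriteLine("===========Process List===========");
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(ProcessQuery))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                foreach (ManagementObject item in objects)
                {
                    // WMI objects wrap COM resources; release each one as soon as it is printed.
                    using (item)
                    {
                        Console.WriteLine(Convert.ToString(item["Name"]));
                    }
                }
            }

            // Create Ban List
            Console.WriteLine("===========Ban List===========");
            string lst = "Communicator.exe,POWERPNT.exe,notepad.exe";
            string[] bannedProc = lst.Split(',');
            foreach (string s in bannedProc)
            {
                Console.WriteLine(s);
            }

            // Search and Destroy
            Console.WriteLine("===========Search and Destroy===========");
            Console.WriteLine("Searching for banned process...");
            int count = 0;
            foreach (string item in bannedProc)
            {
                if (DetectProcess(item))
                {
                    count++;
                    Console.WriteLine("Process [{0}] Detected!", item);
                    // Detection and termination use separate snapshots of the process table,
                    // so the process may already be gone here; KillProcess then reports false.
                    Console.WriteLine("[{0}] was killed {1}.", item, KillProcess(item) ? "Successfully" : "Unsuccessfully");
                }
            }
            Console.WriteLine("Done, {0} banned process found", count);
        }

        /// <summary>
        /// Checks whether at least one running process has the given image name.
        /// </summary>
        /// <param name="pProcessName">Image name to look for, e.g. "notepad.exe"; compared case-insensitively after trimming.</param>
        /// <returns><c>true</c> if a matching process is running; <c>false</c> otherwise, including for a null or blank name.</returns>
        protected static bool DetectProcess(string pProcessName)
        {
            if (string.IsNullOrWhiteSpace(pProcessName))
            {
                return false;
            }

            bool found = false;
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(ProcessQuery))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                foreach (ManagementObject item in objects)
                {
                    using (item)
                    {
                        // Keep iterating after a hit so every enumerated object is disposed.
                        if (!found && IsSameProcessName(item["Name"], pProcessName))
                        {
                            found = true;
                        }
                    }
                }
            }
            return found;
        }

        /// <summary>
        /// Terminates every running process whose image name matches the given name.
        /// </summary>
        /// <param name="pProcessName">Image name to terminate, e.g. "notepad.exe"; compared case-insensitively after trimming.</param>
        /// <returns>
        /// <c>true</c> if at least one matching process was found and every matching instance was
        /// terminated successfully; <c>false</c> if none matched, the name is null or blank, or any
        /// Terminate call failed (for example because of insufficient privileges).
        /// </returns>
        public static bool KillProcess(string pProcessName)
        {
            if (string.IsNullOrWhiteSpace(pProcessName))
            {
                return false;
            }

            bool matched = false;
            bool allTerminated = true;
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(ProcessQuery))
            using (ManagementObjectCollection objects = searcher.Get())
            {
                foreach (ManagementObject item in objects)
                {
                    using (item)
                    {
                        if (!IsSameProcessName(item["Name"], pProcessName))
                        {
                            continue;
                        }

                        // Do not stop at the first hit: a banned program may run as several instances.
                        matched = true;
                        if (!TryTerminate(item))
                        {
                            allTerminated = false;
                        }
                    }
                }
            }
            return matched && allTerminated;
        }

        // Null-safe, culture-independent comparison of a WMI "Name" value with a wanted image name.
        private static bool IsSameProcessName(object wmiName, string wanted)
        {
            string actual = Convert.ToString(wmiName);
            if (actual == null || wanted == null)
            {
                return false;
            }
            // Ordinal comparison avoids the culture-dependent casing rules of ToUpper().
            return string.Equals(actual.Trim(), wanted.Trim(), StringComparison.OrdinalIgnoreCase);
        }

        // Calls Win32_Process.Terminate on one process and reports whether WMI returned success (0).
        private static bool TryTerminate(ManagementObject process)
        {
            try
            {
                // The single argument is the exit code ("Reason") given to the terminated process.
                object result = process.InvokeMethod("Terminate", new object[] { (uint)0 });
                return result != null && Convert.ToUInt32(result) == 0;
            }
            catch (ManagementException)
            {
                // Typically the process exited between enumeration and the call; report a failed kill.
                return false;
            }
        }
    }
}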

效果如下: