I'm making my own process monitor and I would like to inquiry processes which are using GPU(CUDA/OpenCL for monitoring unintended execution of CryptoCoin miners.
I tried with System.Management, but I couldn't find any querystring for it.
What should I do for it? I googled several time for it, but no useful informations were found.
Related
Note: While my sample code is in Powershell, I could easily convert a C# sample into Powershell. I believe that C# developers are more likely to have encountered this issue, even though I am using Powershell to try and do this.
I am trying to debug an issue with server-side Word automation. I know that you're not meant to use it for server applications and we are in the process of changing the application so it doesn't do this but until this happens I need a reliable way to debug issues where it hangs as it does so randomly.
It is not OK for me to just switch .Visible = True on the Word object because it doesn't fail all the time. I just need a way to retrieve it every now and again when it does.
If I start Word and execute this script, it works:
$w = [System.Runtime.InteropServices.Marshal]::GetActiveObject("Word.Application")
$w.Visible = $false;
Start-Sleep -Seconds 5
$w.Visible = $true;
However, if the hanging copy of Word starts as invoked by the COM+ process, the following exception occurs:
Exception calling "GetActiveObject" with "1" argument(s): "Operation unavailable (Exception from HRESULT: 0x800401E3 (MK_E_UNAVAILABLE))"
The Powershell and COM+ process run under the same user, and in Task Manager they both show up as running under the same user.
I have tried running Powershell as all combinations of elevated/non-elevated and x86/x64 modes to no avail.
Therefore I assume the process is in another context or area that I am not able to access from my Powershell session.
So my question is one of:
How can I launch the Powershell process as part of the COM+ process?
How can I switch my context so I can access this object instance?
Is there any other way I can try and retrieve this hidden window and set it to visible?
Unfortunately, most questions that seemed to revolve around this theme end with someone saying "well, don't do that then". Sadly we don't have an option to redevelop this significant part of the system at the moment and I would like to get this documented for those of us who have to deal with these legacy systems from time to time.
For my project I need a way to get data regarding screens that are connected.
In specific, I need to identify whether a monitor is a laptop internal screen or an external screen, and get all the screen data.
I need to get this information both in c++ and C#.
I read about Win32_DesktopMonitor, about EnumDisplayDevices and about Screen Class.
I read also some related questions here:
Monitor ID and Serial Number
Find Number and resolution to all monitors
EnumDisplayDevices vs WMI Win32_DesktopMonitor, how to detect active monitors?
I havn't found an answer yet. Any Ideas?
To get the information whether monitor is internal you can use WMI class WmiMonitorConnectionParams from root\wmi namespace.
Code would need to create a CimSession by connecting to WMI either through DCOM or WinRM (with authentication as needed if enumerating remote computer monitors), then call EnumerateInstances(#"root\wmi", "WmiMonitorConnectionParams") on that session.
Resulting collection will contain InstanceName (string) and VideoOutputTechnology (UInt32).
You will need both for each monitor so you can match them with the other stuff you need.
If VideoOutputTechnology is 0xFFFFFFFF, then that's the Default Monitor entry and it can be ignored. If it is 0x80000000, then it is internal. Other types of connection are documented in d3dkmdt.h header file (online documentation at the moment of this writing does not provide correct values for the enum).
The most reliable way to get model, serial number, as well as year and week of manufacture is by reading and parsing the raw EDID block (by calling WmiGetMonitorRawEEdidV1Block).
I hope you can get by on your own from here.
What you can do is query the Windows WMI classes:
http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx
Those classes allows the user to collect various information about the computer (hardware, os, ...)
I don't know if you'll find the properties you need, but it might be worth a look.
You're looking for this class:
http://msdn.microsoft.com/en-us/library/aa394122(v=vs.85).aspx
Im currently writing a kinda print monitor app to run on a print server. The request is as follows:
When a user is printing on a specific application, the information about the application which initiated the print job is necessary. When monitoring the printer queue it gives me user information and lots of other stuff, but querying the information about the application which had initiated the printjob cannot be found.
Questions are:
Is there a C#/.NET way to find out which application (e.g. winword, excel, etc) has initiated a print job?
Is this information stored in the PrintQueue or the printspooler or anywhere else? How can this be done using the System.Printing Namespace or Win32Api ?
Any Ideas?
I am not sure but I think you could get the required info from PrintSystemJobInfo.
PrintJobInfoCollection collection = LocalPrintServer.GetDefaultPrintQueue().GetPrintJobInfoCollection();
Iterate the collection and get the PrintSystemJobInfo instances.
Above is a screen shot I took in Windows PE environment while applying an image to a machine. As you can see I have filtered the results of Windows Sysinternals Process Monitor so that only ReadFile operations on the Win8 32-bit image by the Dism.exe process are shown.
I am in need of finding a way to access this same information using C/C#/C++ without the .NET framework (because supposedly the .NET framework doesn't exist in PE environment). I have searched, asked around, and searched again for Namespaces and Classes that would allow me to extract this information from the kernel without luck.
I am most interested in having the ability to access the value "Offset" that you can see in the image. This number is the location offset of the Read operation on the file and I need this value for the program I am required to make.
Does anybody know how I can achieve my goal? This is obviously possible to do in the PE environment because Process Monitor does it, so how can I do the same thing?
You might want to look at file mini-filters. Process Explorer basically installs one on the system when you start it for the first time. The mini-filter can be installed and started without the need for a reboot.
The mini-filter runs inside the kernel like any other device drivers and from there you can monitor any file activity (read, write, create, delete, close, execute, etc.)
You'd have to write this in C. You can also get info from the OSR distribution list.
I see that this question has been asked many times in stackoverflow, as well as in other places. The questioners solved their problem by different methods. Most of these solutions are around how they designed their applications and locking level on the files.
I understand that Windows provides Read/Write protection in different ways. But, still, if the file is on my disk, and being an administrator, can't I read the contents of the locked file forcefully? Any pointers on how I can achieve that would be greatly helpful.
The file in question is totally inaccessible to other processes through C# .NET APIs. Looks like its readlocked.
Thanks.
If file is locked from your app, you have to close all buffers/streams or whatever you have opened before.
If file is locked from something else the only solution I know is to use Unlocker, which can be run even without GUI using some console param (so using Process class in C#).
But be careful to walk this way, because you could corrupt file and create some memory leak closing with brute force opened handles and probably application that was using them.