ProcessWatcher

Questions and comments specific to a particular plugin should go here.
User avatar
kgschlosser
Site Admin
Posts: 3700
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: ProcessWatcher

Post by kgschlosser » Mon Jan 30, 2017 7:31 pm

woo hoo. found it

https://msdn.microsoft.com/en-us/librar ... 85%29.aspx

that's what i was looking for...

and here is an example of use in C

https://www.codeproject.com/Articles/20 ... xx211519xx


and i believe windll would be the way to go with this...

Code: Select all

windll.NtosKrnl.PsSetCreateProcessNotifyRoutineEx(SOMEPYTHONFUNCTION, True)
If you like the work I have been doing then feel free to Image

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Mon Jan 30, 2017 7:31 pm

kgschlosser wrote:I believe it's hooking it's own device driver/dll because of the first parameter.
Hmm, I think I was kinda clear it was using its own DLL
jonib wrote:I found this Deviare .DLL library that hooks into Windows APIs to get events.
jonib
XBMC2 plugin to control XBMC. If you want to flatter me Image

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Mon Jan 30, 2017 7:40 pm

kgschlosser wrote:woo hoo. found it
Nice.

jonib
XBMC2 plugin to control XBMC. If you want to flatter me Image

User avatar
kgschlosser
Site Admin
Posts: 3700
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: ProcessWatcher

Post by kgschlosser » Mon Jan 30, 2017 7:44 pm

sorry i didn't notice that the forum had made a link with a .DLL attached to it. but There has to be a viable solution without having to add an additional DLL.. I am hoping that the information in my last post is the solution.. because it's going right to the cow to get the milk.. Now i do not know which would be a better solution or which one would be closest to real time.. but I think that getting notifications right from the kernel would be the fastest means. instead of having to go through pywin32 then through the dll and then to where ever it goes form there...

This is a whole side of python i know nothing about. or windows for that matter.. but i'm learning :-D
If you like the work I have been doing then feel free to Image

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Mon Jan 30, 2017 7:51 pm

kgschlosser wrote:but There has to be a viable solution without having to add an additional DLL..
I agree, but using a .DLL is acceptable if it provides better functionality, in my opinion.
I am hoping that the information in my last post is the solution.. because it's going right to the cow to get the milk.. Now i do not know which would be a better solution or which one would be closest to real time.. but I think that getting notifications right from the kernel would be the fastest means. instead of having to go through pywin32 then through the dll and then to where ever it goes form there...
A quick search seems to indicate that a driver is needed to use this API, and it needs to be signed.
This is a whole side of python i know nothing about. or windows for that matter.. but i'm learning :-D
Well I know something, but still mostly learning. :lol:

jonib
XBMC2 plugin to control XBMC. If you want to flatter me Image

User avatar
kgschlosser
Site Admin
Posts: 3700
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: ProcessWatcher

Post by kgschlosser » Mon Jan 30, 2017 7:55 pm

i just found the same thing about a 64 bit system having to be in debugging mode to make it work

Code: Select all

If you want to do the same thing in C# you can use WMI. Use the ManagementEventWatcher, execute a query against Win32_ProcessStartTrace and register a method to be called when a new process is detected.

I wouldn't recommend doing this at the driver level; you will need to get it MS (WHQL) certified or it won't work on 64bit systems (without the user putting the OS in debug mode)
But it gave 2 pointers on hot to make WMI send notifications instead of having to poll it.. I don't know if this is what your method used. I would have to go back and read your example
If you like the work I have been doing then feel free to Image

Sem;colon
Experienced User
Posts: 589
Joined: Sat Feb 18, 2012 10:51 am
Location: Germany

Re: ProcessWatcher

Post by Sem;colon » Mon Jan 30, 2017 7:57 pm

kgschlosser wrote:My bad i didn't see the fact you added extra things like the pic..
No worries mate, read more carefully next time, safes a lot of work ;-)
kgschlosser wrote:Have you tried the bit on the closing of the dialogs that i coded up based on your idea??? I didn't know if ya saw that or not
I didn't... Please don't get me wrong, I very much appreciate your work and enthusiasm for the project, but you post and change so many things, so fast that I can't catch up to it. To be honest I stopped even trying... I can't read as fast as you write, man! :D
So it's ready from your site? Coded and tested it etc.? Then I'll try to take a look asap.
kgschlosser wrote:I had to change out some things like the use of eg.TranslatableStrings . and I also removed the use of Iterkeys() because if we ever change to python 3 it will be less work to have to convert this stuff later... may as well get into the habit of doing it now. and i combined the repeat code for the triggering of an event into a single method. because i had to add some more things to it..
Actually, iterkeys() should be used instead of the "for" loop from a performance perspective. Also the rest of the code you wrote doesn't look very efficient to me...
I recommend you to read this, helped me a lot: https://wiki.python.org/moin/PythonSpee ... rmanceTips

And for that event selector, I unfortunately have to tell you that I (personalty) don't like it.
The Process Watcher plugin is designed to monitor all processes, not specific ones. (even though it's optional, I don't like it)
For specific processes, there already is a plugin: viewtopic.php?f=9&t=2792

It looks like you're on a good way of finding an alternative to the polling, that will not only catch small processes, but also will be a huge performance improvement! :D

User avatar
kgschlosser
Site Admin
Posts: 3700
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: ProcessWatcher

Post by kgschlosser » Mon Jan 30, 2017 9:03 pm

I apologize for that the original information i had read did not explain the whole thing with needing to run a 64 bit system in debugging mode. and not after reading a whole bunch of other documentation did i come across that one liner stating that..

and to be honest with you i do not know why i used a for loop to get the keys.. i think my brain was off on a tangent.. the reason i think i did it was because iterkeys returns an iterator object and not a list. and i was unsure if there would be a performance /memory difference if i passed a list to it instead of an iterator/generator object object to it. so that would be why i used the for loop. but I would have to test to see if there is some kind of a difference with just putting keys(), iterkeys() or a for loop. but since we are trying to get to using python 3.X the use of iterkeys has been removed form it and would require someone to have to go back and change it out. so why not just do it now..

and to keep thing on the pep8 compliant side of things repeating code is one of those things you should avoid .

and as much as you don't like the optional dialog it does in fact increase performance not having to trigger events or try to wake the system because of an event that is not going to be used or needed. it's a bad use of system resources to have it spit out things that ya don't even care about... and if you do happen to want to see everything there is the ability to turn it off.


and as far as the inefficient code please do elaborate on this. i would like to have an example so i can better my coding ability
If you like the work I have been doing then feel free to Image

Sem;colon
Experienced User
Posts: 589
Joined: Sat Feb 18, 2012 10:51 am
Location: Germany

Re: ProcessWatcher

Post by Sem;colon » Mon Jan 30, 2017 10:37 pm

Just wrote a big text - guess what, my session timed out...
Sorry, no code comments for you, already wasted my whole evening now for nothing.
It were just my 2ct anyway, if you think it's useful, go for it.
But well, that feature would make the plugin useless for my application, so I'd have to find some other solution (you don't need to understand that, I have my reasons :) )

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Tue Jan 31, 2017 1:03 pm

I think I found a good enough solution using Win32_ProcessStartTrace and Win32_ProcessStopTrace to monitor process start/stop events.
They seem to be real events and not just polling for info, they don't miss any processes started. From my testing compared to the polling one that misses several percent of my rapidly started processes.
CPU usage seems low but need to do some more testing to verify.

Need to finish the plugin implementation, then I'll post it for testing.

jonib
XBMC2 plugin to control XBMC. If you want to flatter me Image

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Tue Jan 31, 2017 2:55 pm

Hmm, I'm not really happy with the Win32_ProcessStartTrace implementation, the events are fired a bit slow and that creates a situation that the "Destroyed" event can come before the Created event for the same process.
I use one thread for Created events and one thread for Destroyed events and that seems to create the synchronization problem.

There is also a problem with the process name in the Destroyed events, they get truncated.

I have attached a test version, it uses a different GUID so it can be compared.

jonib
Attachments
__init__.py
ProcesWatcherMod
(4.9 KiB) Downloaded 82 times
XBMC2 plugin to control XBMC. If you want to flatter me Image

User avatar
kgschlosser
Site Admin
Posts: 3700
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: ProcessWatcher

Post by kgschlosser » Tue Jan 31, 2017 11:38 pm

hey jonib. I have a gift for you.. I am thinking you will want to use this.. and can complete this plugin in the best manner possible.

it is attached

Code: Select all

python RUNTHIS.py
you need to have pywin32 and be running python 2.7 x32

This was a whole bucket load of fun. NOT. It was a really large pain.

I am sure you will be able to make this work very easily in this plugin

make sure you read the notes in the files. they will tell you what's what and who is who.

and when a dialog opens. it may be in Chinese.. but don't close it.. open and close a few things and watch the output closing the dialog ends it.

This is a NO THREADS NO POLLING solution. I will chit chat more about it when ya try it out.. it's from something you were working with tho. I just managed to get it running.
If you like the work I have been doing then feel free to Image

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Wed Feb 01, 2017 3:25 am

kgschlosser wrote:I am thinking you will want to use this.. and can complete this plugin in the best manner possible.
Does it work in EventGhost? As I already can get event's using the DeviareCOM.dll but not in EventGhost.

I'm off to bed so won't be here for a while.

jonib
XBMC2 plugin to control XBMC. If you want to flatter me Image

User avatar
kgschlosser
Site Admin
Posts: 3700
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: ProcessWatcher

Post by kgschlosser » Wed Feb 01, 2017 6:15 am

yes it does. works just fine.

** EDIT

There is a glitch I am trying to sort.. it stops working randomly I am trying to figure out a pattern to it. But I am sure it is solvable
If you like the work I have been doing then feel free to Image

jonib
Plugin Developer
Posts: 1280
Joined: Thu Mar 26, 2009 9:33 pm
Location: Sweden

Re: ProcessWatcher

Post by jonib » Wed Feb 01, 2017 9:44 am

kgschlosser wrote:yes it does. works just fine.
OK, can you post your code, I'm assuming you use EventGhost 0.5? I'm using EG 0.4 so that might be my problem.

Edit: Got it working, I knew it was something simple, I did not save the Deviere object so it got deleted after the plugin initializes. Stupid Argh :roll: :o :shock: :? :oops: :cry: :wink: :| :D

Edit2:
There is a glitch I am trying to sort.. it stops working randomly I am trying to figure out a pattern to it. But I am sure it is solvable
Hmm, I'm getting that too with my code. :?

jonib
XBMC2 plugin to control XBMC. If you want to flatter me Image

Post Reply