1

我正在尝试创建一个将在用户登录和注销时记录的服务。我捕获登录没有问题,但由于某种原因我无法捕获注销事件。这是我使用的代码:

protected override void OnStart(string[] args)
{
    //SystemEvents.SessionSwitch +=    new SessionSwitchEventHandler(SystemEvents_SessionSwitch);
    SystemEvents.SessionEnding += new SessionEndingEventHandler(SystemEvents_SessionEnding);
}
void SystemEvents_SessionEnding(object sender, SessionEndingEventArgs e)
{
    this.EventLog.WriteEntry("We have cought logout event");
    sendData("off");
}

我尝试过使用 SessionEnding、SessionEnded 和 SessionSwitch,但它们似乎都不起作用。我已经检查了该服务,它已启动并正在运行,并且该服务正在本地系统帐户下运行,并且勾选了“允许服务与桌面交互”选项。

有什么建议么?

服务等级:

public partial class Service1 : ServiceBase
{
    public Service1()
    {
        InitializeComponent();
    }
    protected override void OnStart(string[] args)
    {
        EventLog.WriteEntry("WinSendSED", "Starting WinSendSED");
        new Thread(RunMessagePump).Start();
    }
    void RunMessagePump()
    {
        EventLog.WriteEntry("WinSendSED.MessagePump", "Starting WinSendSED Message Pump");
        Application.Run(new HiddenForm());
    }
    protected override void OnStop()
    {
        //sendData("off");
        Application.Exit();
    }
}

隐藏形式:

public partial class HiddenForm : Form
{
    public HiddenForm()
    {
        InitializeComponent();
    }
    private string makeNiceMAC(string s)
    {
        for (int i = 0; i < 5; i++)
        {
            s = s.Insert((3 * i) + 2, "-");
        }
        return s;
    }
    private string getUserName()
    {
        Process[] ps = Process.GetProcesses();
        foreach (Process p in ps)
        {
            if (p.ProcessName.Trim() == "explorer")
            {
                ObjectQuery sq = new ObjectQuery
                    ("Select * from Win32_Process Where ProcessID = '" + p.Id + "'");
                ManagementObjectSearcher searcher = new ManagementObjectSearcher(sq);
                foreach (ManagementObject oReturn in searcher.Get())
                {
                    string[] o = new String[2];
                    oReturn.InvokeMethod("GetOwner", (object[])o);
                    return o[0];
                }
            }
        }
        return "";
    }
    private string GetIPAddress()
    {
        IPAddress[] addr = Dns.GetHostEntry(Dns.GetHostName()).AddressList;
        for (int i = 0; i < addr.Length; i++)
        {
            if (addr[i].ToString().Contains("."))
                return addr[i].ToString();
        }
        return "127.0.0.1";
    }
    private string printData()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        NetworkInterface[] nis = NetworkInterface.GetAllNetworkInterfaces();
        NetworkInterface ni = nis[0];
        foreach (NetworkInterface nii in nis)
        {
            if ((nii.OperationalStatus == OperationalStatus.Up)
                && (!nii.GetPhysicalAddress().ToString().EndsWith("000000E0"))
                && (nii.GetPhysicalAddress().ToString().Length > 5))
            {
                ni = nii;
            }
        }
        string line = "";
        line = line + "'" + makeNiceMAC(ni.GetPhysicalAddress().ToString()) + "', ";
        line = line + "'" + GetIPAddress() + "', ";
        line = line + "'" + getUserName() + "'";
        return line;
    }
    private void sendData(string cmd)
    {
        Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
        IPEndPoint ipAdd = new IPEndPoint(IPAddress.Parse(//"127.0.0.1"), 2345);
            "123.123.123.123"), 2345);
        try
        {
            s.Connect(ipAdd);
            String szData = cmd + printData();
            byte[] byData = System.Text.Encoding.ASCII.GetBytes(szData);
            s.Send(byData);
            s.Close();
        }
        catch (SocketException se)
        {
            s.Close();
        }
    }

    private void HiddenForm_Load(object sender, EventArgs e)
    {
        SystemEvents.SessionEnding += 
            new SessionEndingEventHandler(SystemEvents_SessionEnding);
    }

    void SystemEvents_SessionEnding(object sender, SessionEndingEventArgs e)
    {
        EventLog.WriteEntry("WinSendSED", "We have cought logout event");
        sendData("off");
    }

    private void HiddenForm_FormClosing(object sender, FormClosingEventArgs e)
    {
        SystemEvents.SessionEnding -= 
            new SessionEndingEventHandler(SystemEvents_SessionEnding);
    }

    private System.ComponentModel.IContainer components = null;

    protected override void Dispose(bool disposing)
    {
        if (disposing && (components != null))
        {
            components.Dispose();
        }
        base.Dispose(disposing);
    }

    private void InitializeComponent()
    {
        this.SuspendLayout();
        this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
        this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
        this.ClientSize = new System.Drawing.Size(0, 0);
        this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
        this.Name = "HiddenForm";
        this.Text = "HiddenForm";
        this.WindowState = System.Windows.Forms.FormWindowState.Minimized;
        this.Load += new System.EventHandler(this.HiddenForm_Load);
        this.FormClosing += new System.Windows.Forms.FormClosingEventHandler(this.HiddenForm_FormClosing);
        this.ResumeLayout(false);

    }
}
4

1 回答 1

1

使用组策略怎么样?如果您使用本地计算机的组策略,您可以在注销事件上启动一个进程。

于 2010-02-23T13:44:16.580 回答