下面代码是如何使用C#编写一个Windows服务来捕获Windows用户登录事件:
using System;
using System.ServiceProcess;
using System.Diagnostics;
namespace UserLoginService
{
public partial class UserLoginService : ServiceBase
{
private EventLog eventLog;
public UserLoginService()
{
InitializeComponent();
this.ServiceName = "UserLoginService";
this.CanHandleSessionChangeEvent = true;
eventLog = new EventLog("Security");
eventLog.EntryWritten += new EntryWrittenEventHandler(OnEntryWritten);
}
protected override void OnStart(string[] args)
{
eventLog.EnableRaisingEvents = true;
eventLog.WriteEntry("服务启动);
}
protected override void OnStop()
{
eventLog.WriteEntry("服务停卡");
}
private void OnEntryWritten(object sender, EntryWrittenEventArgs e)
{
EventLogEntry entry = e.Entry;
if (entry.InstanceId == 4624) // 4624这个事件ID表示成功登录
{
string message = entry.Message;
Console.WriteLine("用户登录: " + message);
}
}
}
}
