Is there a way to get an event from windows with every new running process?

Question

Is there a way to get an event from windows with every new running process?

I want to be notified every time the operating system starts a new process.
Note that I need this in my own code (I know that this can be done in managed code using System.Management elements).
Additional points, if there is a way to get it before starting the launch process (during initialization)

Thanks.

+4

c ++ windows process winapi native

Ohad horesh Mar 2 '10 at 14:44

source share

3 answers

You cannot control the creation of a process or register a callback from user space. Maybe this article can help. Connecting your own API and creating a system-wide management process

To simply register a callback, you can use the PsSetCreateProcessNotifyRoutine, available in the MS DDK. Its use with an example can be found at www.codeproject.com/KB/threads/procmon.aspx

0

pavan Mar 2 '10 at 15:13

source share

Real-time ETW tracing will give you this information with low system overhead. Please note that this will not allow you to hook on the creation process (i.e., this will only be a notification, you cannot control whether the process really starts)

0

Paul betts Mar 03 '10 at 7:32

source share

Ismael · Accepted Answer · 2010-03-02T15:25:13+0000

The problem with using the driver is that you need permission to install it, but otherwise I think this is the safest method.

In user space, you can try to create a window hook that will work if such an application uses windows, but otherwise is pretty unpleasant.

Alternatively, you can try using WMI , which is the underlying technology used in C #. You can search for pointers in this anwers and examples .

Is there a way to get an event from windows with every new running process?

More articles: