Is there a way (in C ++ and Windows XP) to detect if one process spawns other processes?
eg,
write.exe in system32 spawns wordpad.exe then disappears, is there a function that tells me if the process is about to do this?
for those who are interested, I solved the problem using this msdn section:http://msdn.microsoft.com/en-us/library/aa390425 (v = VS.85) .aspx
Win32 API . WMI Win32_ProcessStartTrace. #, . WMI ++ , , MSDN.
, . , WMI , , , . , , , . .
, . , ( , ). , , , , .
CreateToolhelp32Snapshot, Process32First Process32Next . PROCESSENTRY32, th32ParentProcessID.
CreateToolhelp32Snapshot
Process32First
Process32Next
PROCESSENTRY32
th32ParentProcessID
; CreateProcess, .
CreateProcess
I think you need to create a global DLL map that is bound to every running process. The DLL then finds the place where the call to the CreateProcess function maps to the actual CreateProcess from kernel32 and modifies the entry in the table to redirect the call to its own code in order to “discover” the CreateProcess call. All of this assumes that some user firewalls will not interfere with the execution of your global host.
Source: https://habr.com/ru/post/1769569/More articles:При настройке размера шрифта в CSS, почему бы не установить на 6.25%, чтобы px и em единицы были одинаковыми? - cssThis is a good time to use multithreading in ASP.NET MVC and how is it implemented? - multithreadingHow to easily change font size from px to em for a large, existing site? - cssTwo-way encryption on a local web server that could be stolen - securityIs it possible to conditionally hide properties at compile time in .Net? - c #Access Properties.Settings.Default from a class? - c #Specific .NET Errors Windows 7 - .netIs it good practice to complete ConcurrentHashMap read and write operations with ReentrantLock? - javaC # / ASP based on reverse AJAX - c #How can I execute a custom QueryInterface for .NET 3.5? - .netAll Articles