How to detect win32 process creation/termination in c++

c++ process winapi

Solution 1:

WMI is great and it works with process names too. Although if you need to track process termination the more lightweight and easier way is the following:

VOID CALLBACK WaitOrTimerCallback(
    _In_  PVOID lpParameter,
    _In_  BOOLEAN TimerOrWaitFired
    )
{
    MessageBox(0, L"The process has exited.", L"INFO", MB_OK);
    return;
}

DWORD dwProcessID = 1234;
HANDLE hProcHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessID);

HANDLE hNewHandle;
RegisterWaitForSingleObject(&hNewHandle, hProcHandle , WaitOrTimerCallback, NULL, INFINITE, WT_EXECUTEONLYONCE);

This code will call WaitOrTimerCallback once the process terminated.

Solution 2:

The only thing I could think of is WMI, not sure if it provides a process creation callback, but it might be worth looking into.

Related

Generic hash for tuples in unordered_map / unordered_set
System error 58 while accessing shares on Windows 7 from XP
No /mnt/hgfs in Ubuntu guest under VMWare Fusion
Disable Windows Key hotkeys when using Virtualbox
What is the 'this' pointer?
Who should handle the conditions in complex queries, the data mapper or the service layer?
Difference between the == and %in% operators in R [duplicate]
Create and download a CSV file from a Flask view
How to find all partitions of a set
php / Mysql best tree structure
What would an AST (abstract syntax tree) for an object-oriented programming language look like?
Remove HTML tags from record