Is there a way to get a notification within your process when a remote process opened a process handle to your process, from user mode?
I am trying to figure out who killed my process from Task Manager. Task Manager uses TerminateProcess, and to terminate a process remotely it opens a process handle first.
So I am trying to look for user-mode ways to get a notification when a remote process tries to open a handle to my process.
I am aware there are possible solutions for this from kernel mode using driver callbacks etc., but currently I am looking for possible user-mode solutions.
I am trying to figure out who killed my process.
There is no official way to do that.
I am trying to look for user-mode ways to get a notification when a remote process tries to open a handle to my process.
There is no such notification in user mode.
The only way I can think of doing this is to use SetWindowsHookEx() to globally inject a custom DLL into every running process, and then you can have that DLL manually hook OpenProcess() directly, such as with a detour.
The hook can then compare the function's dwProcessId parameter value against your app's current process ID, which you can store in a block of globally shared memory while your app is running, such as via CreateFileMapping() + MapViewOfFile() (see Sharing Files and Memory and Creating Named Shared Memory).
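
The shared-memory half of the approach above, as an added example that is not part of the original answer: the app publishes its PID in a named mapping, and a reader compares a dwProcessId value against it the way the hook would in native code. The mapping name and the function names are assumptions made for illustration.

```powershell
# Added example. 'Local\ExampleApp.ProtectedPid' is a constructed name;
# the Local\ prefix limits visibility to the current session's namespace.
$MapName = 'Local\ExampleApp.ProtectedPid'
$Mmf     = [System.IO.MemoryMappedFiles.MemoryMappedFile]

function Publish-ProtectedPid {
    # CreateNew wraps CreateFileMapping() backed by the page file. The name
    # exists only while at least one handle to the mapping stays open, so
    # the caller must hold the returned object for the app's lifetime.
    $map  = $Mmf::CreateNew($MapName, 4)
    $view = $map.CreateViewAccessor(0, 4)          # wraps MapViewOfFile()
    try { $view.Write([int64]0, [uint32]$PID) } finally { $view.Dispose() }
    return $map
}

function Get-ProtectedPid {
    # Reader side: what code in another process would do before comparing.
    try {
        $map = $Mmf::OpenExisting($MapName,
            [System.IO.MemoryMappedFiles.MemoryMappedFileRights]::Read)
    } catch [System.IO.FileNotFoundException] {
        return $null        # mapping absent: the app is not running
    }
    try {
        $view = $map.CreateViewAccessor(0, 4,
            [System.IO.MemoryMappedFiles.MemoryMappedFileAccess]::Read)
        try { return $view.ReadUInt32(0) } finally { $view.Dispose() }
    } finally {
        $map.Dispose()
    }
}

function Test-TargetsProtectedProcess([uint32]$dwProcessId) {
    # The comparison described in the answer: the dwProcessId argument
    # against the published PID. With no mapping there is nothing to match.
    $protected = Get-ProtectedPid
    return ($null -ne $protected) -and ($dwProcessId -eq $protected)
}

# Demonstration inside one process: publish, compare, then release.
$held = Publish-ProtectedPid
Test-TargetsProtectedProcess $PID     # the published PID itself
Test-TargetsProtectedProcess 4        # some other PID
$held.Dispose()                       # last handle closed: name disappears
Test-TargetsProtectedProcess $PID     # compared again after release
```

Because the name vanishes with its last handle, a reader that cannot open the mapping should treat the call as unrelated and pass it through unchanged.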