Reputation: 43
Using C++, How to detect process right before terminated
Im using Visual C++ I'm trying to monitor another process. Is there a way to detect when the process is terminated ? I mean right before it's terminated, the program can raise an event. After that event, the process will be terminated. I want my code run before the process is terminated.
The reason I want to do that because I use WMI to detect the process started. But some the process is ended too quickly, my code doesn't not run yet, but the process already ended.
Upvotes: 1
Views: 685
Answers (1)
Reputation: 129314
You would use the DebugActiveProcess function, and then use a loop which starts with WaitForDebugEvent - when the process exits, you get a EXIT_PROCESS_DEBUG_EVENT.
You will probably get a bunch of other debug events [it depends on when you attach to the process and what the process does after that point]. For those, you will just issue a call to ContinueDebugEvent - if it was an exception, DBG_EXCEPTION_NOT_HANDLED should be used, otherwise, DBG_CONTINUE.
Once you see your EXIT_PROCESS_DEBUG_EVENT, you do your thing, then issue DBG_CONTINUE. You will also need to handle LOAD_DLL_DEBUG_EVENT by closing the handle given, or you'll leak handles.
I haven't used DebugActiveProcess in exactly this manner, but I believe this will work.
See these functions for more details: Windows Debugging Functions
Upvotes: 2
Related Questions
- C++, How to determine if a Windows Process is running?
- C++ - Windows - catch process exit from Task Manager
- How to detect when a process is terminated in Linux using C++?
- Detecting if a process is still running
- C++ TerminateProcess function
- How to detect win32 process creation/termination in c++
- Running a Windows program and detect when it ends with C++
- How to guarantee some code to be executed when the process exits or gets killed in c++?
- Is it possible to detect 'end process' externally?
- process termination C++