Reputation: 117
Is there a way to recieve a event about a process starting in windows?
TL;DR
I have written a program in C++ to close all "new" programs that start that were not running when my program started. Currently I do this by capturing all PIDs and then constantly checking all registered applications against this list. Those who are not on my list I attempt to close/kill. This is very CPU intensive for such a simple task. Is there a way to receive some sort of windows event so I don't need to have a very active thread?
I found this hook which might do what I need it to do, but it kind of seems geared towards other purposes, not quite what I need.
In a nutshell:
Is there a event I can receive from windows right after/before a process launches?
Upvotes: 6
Views: 2836
Answers (1)
Reputation: 101609
Ideally you would do this in user-mode and without polling and the only thing I can think of that comes close is WMI events.
A C++ example can be found here. You might also want to read about the differences between __InstanceCreationEvent and Win32_ProcessStartTrace.
Upvotes: 4
Related Questions
- Listen For Process Start and End
- Can I Get Notified When Some Process Starts?
- How to detect win32 process creation/termination in c++
- Possible to hook an event for ReadProcessMemory()?
- Running a Windows program and detect when it ends with C++
- Monitor process start in the system
- Event to handle Open With (WinApi)
- Is there a way to get an event from windows on every new process that is started?
- Watching Global Events created by a native process in a .NET process
- How do I listen/identify when a program runs in Windows using C++?