Kayaker
May 1st, 2002, 22:19
Hello Folks,
Check it out ;-)
Detecting Windows NT/2K process execution
By Ivo Ivanov
http://www.codeproject.com/threads/ProcMon.asp
Abstract
Intercepting and tracing process execution is a very useful mechanism for implementing NT Task Manager-like applications and systems that require manipulations of external processes. Notifying interested parties upon starting of a new process is a classic problem of developing process monitoring systems and system-wide hooks. The Win32 API provides a set of great libraries (PSAPI and ToolHelp [1]) that allow you to enumerate processes currently running in the system. Although these APIs are extremely powerful, they don't permit you to get notifications when a new process starts or ends. This article provides an efficient and robust technique based on a documented interface for achieving this goal.
and don't forget:
API hooking revealed by Ivo Ivanov
http://www.codeproject.com/system/HookSys.asp
Cheers,
Kayaker