問題描述
我知道要接收有關(guān) Win32 進程創(chuàng)建或終止的通知,我們可能會使用 API PsSetCreateProcessNotifyRoutine() 實現(xiàn) NT 內(nèi)核模式驅(qū)動程序,該 API 提供注冊系統(tǒng)范圍回調(diào)函數(shù)的能力,該函數(shù)是每次新進程啟動、退出或終止時由操作系統(tǒng)調(diào)用.
I know that to receive notifications about Win32 process creation or termination we might implement a NT kernel-mode driver using the APIs PsSetCreateProcessNotifyRoutine() that offers the ability to register system-wide callback function which is called by OS each time when a new process starts, exits or is terminated.
這是否可以不創(chuàng)建 NT 內(nèi)核模式驅(qū)動程序,僅使用使用 c++ 的 Win32 API 函數(shù)?當然不是使用無限循環(huán)查詢活動進程列表的基本解決方案.
Is this possible without creating a NT kernel-mode driver, only using Win32 API functions using c++? Not using the basic solution of a infinite cycle querying the list of active process of course.
是否有任何庫或 win32 API 提供相同的功能(系統(tǒng)范圍的回調(diào)、異步事件)?
Is there any library or win32 API that provides the same functionality (system wide callback, asynchronous events)?
推薦答案
我唯一能想到的就是 WMI,不確定它是否提供進程創(chuàng)建回調(diào),但可能值得研究.
The only thing I could think of is WMI, not sure if it provides a process creation callback, but it might be worth looking into.
這篇關(guān)于如何在 C++ 中檢測 win32 進程的創(chuàng)建/終止的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網(wǎng)!