Re: Process notification

As you see from prev. posts there is no obsolute user mode solution on how
to be notified when process is created. Your implementation is easy, but
not efficent. It's not even reliable, because some process may be started
and then immidiatly terminated - your "monitoring loop" may not detect it.

Hooking CreateProcessA(W) in kernel mode (SDT hooking) will allow you to
avoid things described above.

--
Vladimir

"Leugi" <alfranze@xxxxxxxxxxxxxx> wrote in message
news:O3egxccBGHA.3936@xxxxxxxxxxxxxxxxxxxxxxx
> "Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx>
> wrote:
>
>> btw, this topic has already been discussed recently
>>
> http://groups.google.com/group/microsoft.public.win32.programmer.kernel/brow
> se_frm/thread/68fc37443ce9e956/aaaa763b42cc6b47#aaaa763b42cc6b47
>>
>> --
>> Vladimir
>
>
> Thank you.
> I read them, but the solutions and my solution in my program, need a loop
> for continue monitoring.
> I´d like to use the message loop of the Windows for this.
> I think the system has something in the Explorer like this ...
>
>
> Leugi
>
>


.

Relevant Pages

  • Re: processing a sequence
    ... (loop for sublist = (collect-sublist) ... return accum if not element = list.first ... if prev and element < prev ... James still didn?t show his Ruby one-liner that outperforms the Lisp ...
    (comp.lang.lisp)
  • RE: Extreme beginner question on reading lines from a file.
    ... print FILEOUT "M98PPECK.SUBL1\n"; ... the 1st line is written into $prev. ... This code will fail if there's ... If it fails it returns false and the loop exits. ...
    (perl.beginners)
  • copy error
    ... each time through loop ... It also returns a '1' which I dont not understand since it ... Shouldnt it be '0'? ... Prev by Date: ...
    (comp.lang.perl.misc)
  • Re: increasing counter whithin loop?
    ... Notching up the counter in a C-style loop is a _concise_ way to do ... prev = nil ... prev = elt ... I'm not sure I would find the C version clearer if I ...
    (comp.lang.ruby)