
EnumProcesses


mandi

Aug 2, 2005, 10:12:03 AM
I use EnumProcesses continuously in a loop, since I need to catch a certain
process right after being launched. Then on every process id I check whether
it's the right one. I'm looking for a way to shorten the time of this
discovery. For instance, check only new processes, check only certain IDs, etc.

Have you any idea to help me?

Thanks in advance

Mandi


Don Burn

Aug 2, 2005, 10:15:35 AM
Get a small kernel driver that supports PsCreateProcessNotify and/or
PsSetLoadImageNotify to report to you when the right processes are started.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


"mandi" <ma...@kiranit.com> wrote in message
news:uHC4vw2l...@TK2MSFTNGP10.phx.gbl...

Ivan Brugiolo [MSFT]

Aug 2, 2005, 12:17:26 PM
Or, in user mode
StartTrace(SystemTraceControlGuid);
EnableTrace(EVENT_TRACE_FLAG_PROCESS),
and your callback will receive the process creation/destruction events.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"Don Burn" <bu...@stopspam.acm.org> wrote in message
news:jeLHe.991$Tt6...@fe04.lga...

poltrone

Aug 2, 2005, 1:12:26 PM

> Or, in user mode
> StartTrace(SystemTraceControlGuid);
> EnableTrace(EVENT_TRACE_FLAG_PROCESS),
> and your callback will receive the process creation/destruction events.

I find the idea of using event tracing to detect process creation quite
interesting. Unfortunately I never learned about event tracing before and
your hints are quite shortish. From the MSDN library and the PSDK sample
'TRACELOG' I don't get what parameters exactly have to be provided to the
calls to StartTrace and EnableTrace. Where do I supply a callback routine?

Ciao,
poltrone


Ivan Brugiolo [MSFT]

Aug 2, 2005, 1:44:06 PM
In EVENT_TRACE_LOGFILE::EventCallBack.

Try this query (aware of wrap)
http://groups-beta.google.com/groups?q=EnableTrace+EVENT_TRACE_FLAG_PROCESS+Ivan+Brugiolo&hl=en

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"poltrone" <nos...@nospam.invalid> wrote in message
news:3l9nrrF...@uni-berlin.de...

Arkady Frenkel

Aug 3, 2005, 3:49:15 AM
Use a CBT hook if the process you want to catch has window(s)
Arkady

"mandi" <ma...@kiranit.com> wrote in message
news:uHC4vw2l...@TK2MSFTNGP10.phx.gbl...
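
The original question asks about checking only new processes. As an added example (not code from any poster in this thread), one way to do that is to diff successive EnumProcesses snapshots so that only PIDs absent from the previous poll get the expensive check. The helper names new_pids and snapshot are hypothetical, and the PIDs in the test are constructed.

```c
/* Added example (not from the thread): report only PIDs that are new since
   the previous poll. PIDs are held as unsigned long, which is what DWORD is
   on Windows. new_pids() and snapshot() are hypothetical helper names. */
#include <stddef.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>   /* EnumProcesses; link with psapi.lib */
#endif

static int cmp_pid(const void *a, const void *b)
{
    unsigned long x = *(const unsigned long *)a, y = *(const unsigned long *)b;
    return (x > y) - (x < y);
}

/* Sorts both snapshots in place, then writes every PID that is in cur but
   not in prev to out (out needs room for ncur entries). Returns the count. */
size_t new_pids(unsigned long *prev, size_t nprev,
                unsigned long *cur, size_t ncur, unsigned long *out)
{
    size_t i = 0, j = 0, n = 0;
    qsort(prev, nprev, sizeof *prev, cmp_pid);
    qsort(cur, ncur, sizeof *cur, cmp_pid);
    while (j < ncur) {
        if (i < nprev && prev[i] < cur[j]) {
            i++;                    /* process exited since the last poll */
        } else if (i < nprev && prev[i] == cur[j]) {
            i++; j++;               /* already seen: skip the per-process check */
        } else {
            out[n++] = cur[j++];    /* new PID: inspect only this one */
        }
    }
    return n;
}

#ifdef _WIN32
/* Fills buf (capacity cap entries) with the current PIDs and returns the
   count, or 0 on failure. A count equal to cap means buf may be too small. */
size_t snapshot(unsigned long *buf, size_t cap)
{
    DWORD bytes = 0;
    if (!EnumProcesses((DWORD *)buf, (DWORD)(cap * sizeof(DWORD)), &bytes))
        return 0;
    return bytes / sizeof(DWORD);
}
#endif
```

Polling this way can still miss a process that starts and exits between two polls, and a PID can be reused by a different process, so it narrows the work per poll without replacing the notification-based approaches suggested in the replies.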
