Hi !
Does anyone know an easy way to detect the startup of a certain programm?
For example I select Notepad from my startmenu and a msgbox should pop up with
It would be enough if this will run in 2k/XP. Thought about hooking CreateProcess. Any other idea?
regards,
bAZiK
Does anyone know an easy way to detect the startup of a certain programm?
For example I select Notepad from my startmenu and a msgbox should pop up with
"c:\winnt\notepad.exe" launched!
It would be enough if this will run in 2k/XP. Thought about hooking CreateProcess. Any other idea?
regards,
bAZiK
Thanks Hiro. Anyone knows another way?
Check the debug APIs, i am sure there is a callback/message you can receive when a new process starts up, you could then get info on that process.
Thanks Hiro. Anyone knows another way?
You can try register hooking method, it's quite easy to implement but it will not catch 100% of exes. (i.e. those who are launched by CreateProcess)
You can implement a "shell execute hook".
See attached example. Function "Execute" in exechook.asm is the interesting part, the rest is COM bureaucracy.
See attached example. Function "Execute" in exechook.asm is the interesting part, the rest is COM bureaucracy.
By the way, is there any way to create a process (not a thread) without having to have already an EXE on the disk?