tags:

views:

242

answers:

5
+1  Q: 

How do I listen/identify when a program runs in Windows using C++?

Specifically, I want to listen to when programs are run and record information such as: timestamp, executable, windows name and user.

A: 

Look into using the Perfmon API's (check MSDN for references).

Nick  2008-10-09 05:30:18
+2  A: 

Alternatively, use the WMI interface to find out what's running and take appropriate action. In the VBScript code below the WMI subsystem is being queried with Select * from Win32_Process so as to change the process priority. Find out what other attributes are available for Win32_Process and you should find stuff that's heading in the direction you want to go.

Const NORMAL_PRIORITY = 32
Const LOW_PRIORITY = 64
Const REALTIME_PRIORITY = 128
Const HIGH_PRIORITY = 256
Const BELOWNORMAL_PRIORITY = 16384
Const ABOVENORMAL_PRIORITY = 32768

Function SetPriority( sProcess, nPriority )
    Dim sComputer
    Dim oWMIService
    Dim cProcesses
    Dim oProcess
    Dim bDone

    bDone = False
    sComputer = "."
    Set oWMIService = GetObject("winmgmts:\\" & sComputer & "\root\cimv2")

    Set cProcesses = oWMIService.ExecQuery ("Select * from Win32_Process Where Name = '" & sProcess & "'")
    For Each oProcess in cProcesses
        oProcess.SetPriority( nPriority )
        bDone = True        
    Next
    SetPriority = bDone
End Function
boost  2008-10-09 06:33:31
+1  A: 

The most obscene way of doing this is the Google-desktop way
Namely to have your DLL load into every process that is ever started and to log information.
If you're interested more, install google desktop and watch its dll load into your processes. Then look in the registry to see it does it.
Be mindful that this is entering to the realm of virus like behaviour.

shoosh  2008-10-09 09:02:20
+1  A: 

I would use the PSAPI function EnumProcesses() to periodically get a list of running processes.

Ferruccio  2008-10-09 10:41:47
+1  A: 

You could set up a WMI permanent event subscription to monitor process creation and log the details. I have some samples here - one of the samples monitors notepad.exe creation and logs the events in a txt file. Permanent event subscription monitors events 'at all times', but if you want to monitor events 'for the duration of your application', you can use WMI COM API with C++ - the WQL event query is the same in both cases. The documentation is here.

Uros Calakovic  2008-10-09 14:11:38

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS