Can I Get Notified When Some Process Starts?

Question

I need to know (preferably with the least latency) when foo.exe is launched.

Right now, I have a thread that sits in a light loop (~10 Hz) and walks the process tree looking foo.exe.

This is less than elegant and I was wondering whether I could register with some part of the Windows API to get a callback when any process starts.

If no such facility is available, I am, of course, open to other methods of accomplishing this task more elegantly.

Answer 1

You can register yourself as a debugger for foo.exe through the Image File Execution Options. Anytime the system needs to launch foo.exe, it'll launch your app and pass foo.exe and its parameters to you. You will have to start the process yourself.

Note: as usual, some words of caution by Raymond Chen.

You can also set a system-wide message hook and for each new process your dll gets loaded, check if it's the one you care you just pass through, for foo.exe you notify yourself and then pass through. Unfortunately, that means you will be injecting your code in each process and you will be hurting the system perf a little bit. Not to mention that you can actually hose everybody if you have a bug in your code.

Answer 2

Possible options:

Is foo.exe under your control? If so modify the source code to send a signal.

Is foo.exe not under your control? Write an injection DLL and have it send a signal when it's loaded into the process with the right name.