检测子进程 [英] Detecting child processes

问题描述

有没有方法（在C ++和Windows XP中）来检测一个进程是否产生了任何其他进程？

Is there a way (in C++ & windows XP) to detect if one process spawns any other processes?

例如，

write.exe在system32 spawns wordpad.exe然后消失，是否有一个函数告诉我这个过程是否要这样做？

write.exe in system32 spawns wordpad.exe then disappears, is there a function that tells me if the process is about to do this?

对于那些感兴趣的我解决问题使用msdn的这一部分：

http://msdn.microsoft.com/en-us/library/aa390425(v=VS.85).aspx

for those interested i solved the problem using this section of msdn:
http://msdn.microsoft.com/en-us/library/aa390425(v=VS.85).aspx

推荐答案

Win32 API中没有任何内容。但是，它通过WMI与Win32_ProcessStartTrace查询支持。您会在此主题的答案中找到一些演示该查询的C＃代码。在C ++中写WMI代码是相当痛苦的，你会发现一个链接到样板代码，你必须写在MSDN库文章。

Nothing in the Win32 API for this. However, it is supported through WMI with the Win32_ProcessStartTrace query. You'll find some C# code that demonstrates the query in my answer in this thread. Writing WMI code in C++ is fairly painful, you'll find a link to boilerplate code you have to write in the MSDN Library article.

小心这不是特别快。对我来说不清楚的是，WMI提供程序从内核获取多少帮助来生成通知，但给定的速度，它像查询轮询。换句话说，这个过程很可能在你收到通知的时候。这对于多任务操作系统的课程来说并非如此。

Do beware that this isn't particularly fast. It isn't clear to me how much help the WMI provider gets from the kernel to generate the notification but given the speed it quacks like polling. In other words, the process is likely to be well on its way by the time you get the notification. This is otherwise par for the course on a multitasking operating system.

这篇关于检测子进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！