winapi - How to detect win32 process creation/termination in c++

Question

I know that to receive notifications about Win32 process creation or termination we might implement a NT kernel-mode driver using the APIs PsSetCreateProcessNotifyRoutine() that offers the ability to register system-wide callback function which is called by OS each time when a new process starts, exits or is terminated.

Is this possible without creating a NT kernel-mode driver, only using Win32 API functions using c++? Not using the basic solution of a infinite cycle querying the list of active process of course.

Is there any library or win32 API that provides the same functionality (system wide callback, asynchronous events)?

question from:https://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c

Answer 1

The only thing I could think of is WMI, not sure if it provides a process creation callback, but it might be worth looking into.