Click here to Skip to main content
15,886,199 members
Search within:


Articles / Programming Languages / C++
 

Detecting Windows NT/2K process execution

Rate me:
Please Sign up or sign in to vote.
4.94/5 (69 votes)
25 Mar 2002CPOL7 min read 1.1M   11.4K   233  
An article on how to get notification from the OS when a process starts
 
//---------------------------------------------------------------------------
//
// CustomThread.h
//
// SUBSYSTEM: 
//				
// MODULE:    
//
// DESCRIPTION:
//
// AUTHOR:		Ivo Ivanov
//                                                                         
//---------------------------------------------------------------------------
#if !defined(_CUSTOMTHREAD_H_)
#define _CUSTOMTHREAD_H_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

//---------------------------------------------------------------------------
//
// Includes
//
//---------------------------------------------------------------------------
#include "common.h"
#include <tchar.h>
#include <windows.h>
#include "LockMgr.h"


//---------------------------------------------------------------------------
//
// class CCustomThread  
//
// It is an abstract class that enables creation of separate threads of 
// execution.
//                                                                         
//---------------------------------------------------------------------------
class CCustomThread  
{
public:
	CCustomThread(TCHAR* pszThreadGuid);
	virtual ~CCustomThread();
	//
	// Activate / Stop the thread 
	//
	void SetActive(BOOL bValue);
	//
	// Indicates whether the driver has been activated
	//
	BOOL GetIsActive();
	//
	// Setup the attribute
	//
	void SetIsActive(BOOL bValue);
	//
	// Return the handle to the thread's shut down event
	//
	HANDLE Get_ShutdownEvent() const;
private:
	//
	// Primary thread entry point
	//
	static unsigned __stdcall ThreadFunc(void* pvParam);
	//
	// Thread attributes
	//
	BOOL          m_bThreadActive;
	DWORD         m_dwThreadId;
	static HANDLE sm_hThread;
	CCSWrapper    m_CritSec;
	//
	// The name of the shut down event
	//
	TCHAR         m_szThreadGuid[255];
protected:
	HANDLE        m_hShutdownEvent;
	//
	// A user supplied implementation of the thread function.
	// Override Run() and insert the code that should be executed when 
	// the thread runs.
	//
	virtual void Run() = 0;
	//
	// Perform action prior to activate the thread
	//
	virtual BOOL OnBeforeActivate();
	//
	// Called after the thread function exits
	//
	virtual void OnAfterDeactivate();
};

#endif // !defined(_CUSTOMTHREAD_H_)
//----------------------------End of the file -------------------------------

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Ivo Ivanov
United States United States
I specialize in OS Internals and Reverse Engineering.
Before joining my current employer I used to run a security blog for malware analysis: http://vinsula.com/security-blog

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 25 Mar 2002

Article Copyright 2002 by Ivo Ivanov
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1