Detector 0 Posted June 6, 2019

Hello,

Looking for some reliable, fast and stable method to track programs executed. Function/program should add to list new program executed. Is that possible without driver to make it work?

Der schöne Günther 316 Posted June 6, 2019

Your question is relatively vague. I guess the technical definition of "programs executed" means "whenever the WinApi CreateProcess(..) routine is called"? In that case, the Microsoft or MahdiSafsafi libraries are probably the fastest way:

https://github.com/MahdiSafsafi/DDetours
https://github.com/microsoft/detours/wiki/Using-Detours

David Heffernan 2345 Posted June 6, 2019

No need to hook anything. And in any case, what would you hook? Every process in the entire system? The system raises WMI events when processes are created and destroyed.

https://stackoverflow.com/questions/47147099/is-there-a-way-to-recieve-a-event-about-a-process-starting-in-windows
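
The WMI approach from the last reply, as an added PowerShell example (not code from the thread or from the linked answer): it subscribes to process-start events without any driver or hook and appends each new process to a list. The names `$Seen` and `ProcWatch` are illustrative; it assumes Windows PowerShell 5.1 or later, and uses the event-driven `Win32_ProcessStartTrace` class when elevated, falling back to a polling query otherwise.

```powershell
# Added example: track process starts through WMI event subscriptions.
$Seen     = [System.Collections.Generic.List[object]]::new()  # list of observed starts
$SourceId = 'ProcWatch'                                       # illustrative subscription name

# Win32_ProcessStartTrace requires an elevated session, so check for it first.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdmin) {
    # One event per process start, delivered as it happens (no polling).
    Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier $SourceId
} else {
    # Fallback: WMI polls Win32_Process once per second. A process that starts
    # and exits between two polls is never reported.
    $query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
             "WHERE TargetInstance ISA 'Win32_Process'"
    Register-CimIndicationEvent -Query $query -SourceIdentifier $SourceId
}

try {
    while ($true) {
        $evt = Wait-Event -SourceIdentifier $SourceId
        $new = $evt.SourceEventArgs.NewEvent
        if ($isAdmin) {
            # The trace class carries name and PIDs only, no command line.
            $rec = [pscustomobject]@{
                Time = $evt.TimeGenerated; Name = $new.ProcessName
                ProcessId = $new.ProcessID; ParentProcessId = $new.ParentProcessID
                CommandLine = $null
            }
        } else {
            # The polling event embeds the full Win32_Process instance.
            $p = $new.TargetInstance
            $rec = [pscustomobject]@{
                Time = $evt.TimeGenerated; Name = $p.Name
                ProcessId = $p.ProcessId; ParentProcessId = $p.ParentProcessId
                CommandLine = $p.CommandLine
            }
        }
        $Seen.Add($rec)     # keep the record in the list
        $rec                # and show it on the console
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
} finally {
    # Runs on Ctrl+C as well, so the subscription does not linger in the session.
    Unregister-Event -SourceIdentifier $SourceId -ErrorAction SilentlyContinue
}
```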