WQL query for notification on process creation/termination

Asked Feb 25 '15 at 10:57

Active Feb 25 '15 at 10:57

Viewed 142 times

I have a WQL query as follows that lists all the running processes of my system.

ExecQuery(
        bstr_t("WQL"), 
        bstr_t("SELECT * " 
            "FROM  Win32_Process"), 
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, 
        NULL,
        &pEnumerator);

Now how should I write a WQL query to get notification on process creation and termination using C++. I tried "SELECT * FROM __InstanceCreationEvent", "SELECT * FROM Win32_ProcessStartTrace",etc.. But it didnot work. Please help.

asked Feb 25 '15 at 10:57

Jackzz

1,417
4
24
53

No one to help ??? :( – Jackzz Feb 26 '15 at 04:18
Please be patient. I don't know the answer, but someone else might. Not all of us are active all the time. – andlabs Feb 26 '15 at 20:55

WQL query for notification on process creation/termination

0 Answers0