开发者

Is it possible to detect 'end process' externally?

开发者 https://www.devze.com 2023-04-05 17:14 出处:网络
Is there some way to detect that a program was ended by windows task manager\'s \"end process\"? I know that its kinda impossible to do that from wit开发者_如何学编程hin the application being ended (

Is there some way to detect that a program was ended by windows task manager's "end process"? I know that its kinda impossible to do that from wit开发者_如何学编程hin the application being ended (other than to build your app as a driver and hook ZwTerminateProcess), but I wonder if there is a way to notice it from outside. I don't want to stop the program from terminating, just to know that it was ended by "end process" (and not by any other way).


There might be a better way - but how about using a simple flag?

Naturally, you'd have to persist this flag somewhere outside of the process/program's memory - like the registry, database, or file system. Essentially, when the app starts up, you set the flag to 'True' when the app shuts down through the normal means, you set the flag to 'False'.

Each time the application starts you can check the flag to see if it was not shut down correctly the previous time it was executed.


Open up a handle to the process with OpenProcess, and then wait on that handle using one of the wait functions such as WaitForSingleObject. You can get the exit status of the process using GetExitCodeProcess. If you need your program to remain responsive to user input while waiting, then make sure to wait on a separate thread (or you can periodically poll using a timeout of zero, but remember the performance consequences of polling -- not recommended).

When you're done, don't forget to call CloseHandle. The process object won't be fully deleted from the OS until all of its handles are closed, so you'll leak resources if you forget to call CloseHandle.

Note that there's no way to distinguish between a process exiting normally or being terminated forcefully. Even if you have a convention that your program only ever exits with a status of 0 (success) or 1 (failure) normally, some other process could call TerminateProcess(YourProcess, 1), and that would be indistinguishable from your ordinary failure mode.


According to the documentation, ExitProcess calls the entry point of all loaded DLLs with DLL_PROCESS_DETACH, whereas TerminateProcess does not. (Exiting the main function results in a call to ExitProcess, as do most unhandled exceptions.)

You might also want to look into Application Recovery and Restart.


One option might be to create a "watchdog" application (installed as a service, perhaps) that monitors WMI events for stopping a process via the ManagementEventWatcher class (in the System.Management namespace).

You could query for the death of your process on an interval or come up with some event driven way to alert of your process's demise.

Here's sort of an example (it's in C# though) that could get you started.

0

精彩评论

暂无评论...
验证码 换一张
取 消