So, the profiler is written in c++ and is launched by the CLR automatically when the process to be profiled is launched. The process then launches another application (the main target of profiling). Profiler is launched for this process also. All this is taken care of, but the problem is:
Only one of these two profilers can communicate with the front end application via NamedPipe. I need both the profilers to write on the same pipe so that the front end application remains straight-forward and simple. Is this possible using some kind of semaphore to ensure that one of the processes write to the pipe at one time? I use the CreateFile() function to open the pipe in the profiler.
Related
TL;DR
I have written a program in C++ to close all "new" programs that start that were not running when my program started. Currently I do this by capturing all PIDs and then constantly checking all registered applications against this list. Those who are not on my list I attempt to close/kill. This is very CPU intensive for such a simple task. Is there a way to receive some sort of windows event so I don't need to have a very active thread?
I found this hook which might do what I need it to do, but it kind of seems geared towards other purposes, not quite what I need.
In a nutshell:
Is there a event I can receive from windows right after/before a process launches?
Ideally you would do this in user-mode and without polling and the only thing I can think of that comes close is WMI events.
A C++ example can be found here. You might also want to read about the differences between __InstanceCreationEvent and Win32_ProcessStartTrace.
I have an .exe Program, which triggers some other files during execution.
So at a given point, the tree might become like:
Main program
-Program 1
-Program 2
-Program 3
Of all these programs I have their PID, so I am able to close them successfully. However, when a user 'brute forces the program' (read close the program manually), I am unable to close these child programs. Is there an option to trigger the closing of child-programs before the main-program itself will actually exit. (Something is for example also possible in an html-page to remind the user e.g. or they really want to leave te page).
Because, when this situation occurs, on the next run the main-program will try to start up these child-programs again, however they are already running. (And the settings of the main-program are time dependent and have to be transferred to the other child-programs on start-up to work properly)
Ideally, I would like to have a cross-platform solution, since I have to make the app available for Windows, Linux and MacOS.
Thanks for your answers.
This is an OS feature and each OS offers it in its own way. Keeping track of the PIDs does not work, for once for the reason you mention (your parent process may itself crash) and second because the child process may spawn grand-children processes of its own that needs to be tracked, and then grand-grand-children and so on.
On Windows this is handled by NT Job Objects by asking for the JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE:
Causes all processes associated with the job to terminate when the last handle to the job is closed.
The way to use it is to create the job object in the parent process and make the handle non-inheritable. Then any child process will become part of the job, but only one handle exisst (the one owned by the parent). If the parent crashes then the handle is reclaimed by the OS and this will terminate the NT job object, killing all child processes as well as any grand-child or grand-grand-child process.
On Linux (and OS X) the same functionality is achieved with process groups.
I am not aware of any cross-platform library that would abstract this into a coherent uniform API.
I'm writing a "glue logic" library (.dll) that connects an external, proprietary application to our program (.exe). When the application requests (calling the right library function) our program should be started, and then the library continues operation, receiving data from the program over sockets, transforming produced data to the format digestible by the application, and returning it when the application performs calls to 'data getter' functions of the library.
I can start the program.exe relatively easily: fork a new process in the dll and call system() or exec() from the new process. On unload/end/stop call, I can send a 'quit' command to the program over sockets, and it will end just fine.
The problem is if the proprietary app, or the library crashes, is killed, or ends in an unexpected manner. I want program.exe to end, or be killed as well. While leaving it running wouldn't be that much of a problem, if the application is restarted, I'd need to search for old instances of the program, and kill them 'manually' before starting it anew (potentially with new startup parameters.)
I'd much prefer the program to die the moment the app or the library dies/crashes/is killed. I heard there is a special way of starting applications so they behave that way, but the person, who told me this can't recall how exactly it was done. Could you tell me?
Is it possible to create a windows service to create and maintain another process? Like I'm writing a program, and say a virus killed the process, could I have my window service running and basically 'watching' it? I already have the code for a regular application that stays running and executes a program if it's not currently running, to keep it running.
I've never written a service before, but would it be that hard to just write this simple program, which basically runs a check to see if the process is running, if not, it executes it and sleeps for a few minutes?
Thanks.
Yes, it is possible. It is not uncommon to see third-party apps have watchdog services to keep them running in case of crashes. A service can enumerate running processes using EnumProcesses(), and if the desired executable is not running then start a new copy of it using CreateProcessAsUser().
If the service is the one starting the executable process in the first place, or can find it after an enumeration, one optimization would be to keep an open handle to the process (returned by CreateProcess...(), or use OpenProcess() on the process ID an enumeration returns), and then use a wait function, like WaitForSingleObject(), to detect when the process stops running. That way, you don't have to enumerate processes to find out if the intended process is still running or not.
I want to make an application in C or C++ which have to monitor some specific processes. How can I make it possible in C?
You said that you have tomaonitor "some specific processes". If your application started the processes, you can extract the process handles from the PROCESS_INFORMATION structure (field hProcess) you passed to the CreateProcess function. If the process you want to track has been launched in some different way, you need the process' ID (PID), and use it as third argument of OpenProcess to obtain an handle. So you can use the WaitForSingleObject or WaitForMultipleObjects functions to wait for the process completion. Optionally you can obtain the process' exit code with the GetExitCodeProcess function.
There are other ways by which an application can start a new process (e.g. by the _system() library function), but I strongly suggest to use CreateProcess directly in your code, since you can control the child process' behaviour completely (e.g. you can select the priority, pass stdin/stdout/stderr handles, decide the startup window's characteristics...).
Suggested example:
http://msdn.microsoft.com/en-us/library/ms682512%28VS.85%29.aspx
You start a process in Windows with the CreateProcess() function. It returns a HANDLE to the process in PROCESS_INFORMATION.hProcess. That handle will be signaled when the process terminates, allowing you to keep track of its lifetime. Use WaitForSingleObject() or WaitForMultipleObjects() to do so. There's a code sample available here...
Before you write your own, have you looked at Process Monitor v2.8?
Process Monitor is an advanced
monitoring tool for Windows that shows
real-time file system, Registry and
process/thread activity. It combines the features of two legacy
Sysinternals utilities, Filemon and
Regmon, and adds an extensive list of
enhancements including rich and
non-destructive filtering,
comprehensive event properties such
session IDs and user names, reliable
process information, full thread
stacks with integrated symbol support
for each operation, simultaneous
logging to a file, and much more.
Boost.Process
sample for Win32 Platform.