
win32 process termination detection: WMI vs. WaitForSingleObject


I am writing a Windows service (C++) that needs to detect specific Windows process termination.

I thought about two different approaches to detect the termination:

  1. Using WMI as described here.
  2. Using winapi WaitForSingleObject(hHandle, INFINITE) function on the process' handle.

The obvious difference is that WMI uses a CALLBACK function.

What are the other major differences, advantages and disadvantages, between the two approaches?

Thanks!


Solution

  • I've written a process monitoring service before, and used WMI to monitor the processes. It allows you to specify a "where" clause of processes to monitor and, as you mentioned, calls you when something has happened.

    The advantage of this is that you don't have to have a thread block waiting for the processes in question to exit, but instead can just run your WMI query and wait for the callback when something terminates. The downside is that the WMI API is a bit more wordy than the Win32 API. In particular you have to build up queries as strings in WMI.
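
The point above about building WMI queries as strings, shown as an added example (not code from the answer): a service that assembles the "where" clause from a configured process name should escape that name before it goes into the WQL text. The function names are hypothetical, and the `__InstanceDeletionEvent` / `Win32_Process` query shape is an assumption, since the page does not show the query it used.

```cpp
#include <stdexcept>
#include <string>

// Escape a value for use inside a single-quoted WQL string literal.
// WQL uses backslash as its escape character, so backslashes and quotes
// get a backslash prefix; control characters are rejected outright.
std::string wql_escape(const std::string& value) {
    std::string out;
    out.reserve(value.size());
    for (unsigned char c : value) {
        if (c < 0x20 || c == 0x7f)
            throw std::invalid_argument("control character in WQL literal");
        if (c == '\\' || c == '\'' || c == '"')
            out.push_back('\\');
        out.push_back(static_cast<char>(c));
    }
    return out;
}

// Build the notification query for "a process named image_name terminated".
// poll_seconds is the WITHIN interval; this example requires a whole
// number of seconds >= 1 (an assumption of the example, not a WMI rule).
std::string build_process_exit_query(const std::string& image_name,
                                     unsigned poll_seconds) {
    if (image_name.empty())
        throw std::invalid_argument("empty process name");
    if (poll_seconds == 0)
        throw std::invalid_argument("WITHIN interval must be at least 1 second");
    return "SELECT * FROM __InstanceDeletionEvent WITHIN " +
           std::to_string(poll_seconds) +
           " WHERE TargetInstance ISA 'Win32_Process'"
           " AND TargetInstance.Name = '" + wql_escape(image_name) + "'";
}
```

The resulting string is what would be passed to `IWbemServices::ExecNotificationQueryAsync`, which delivers the callback the answer describes.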