I'm writing a wrapper around Sysinternals' ProcDump and I want it to dump spawned subprocesses of the initial process as well. Is there any easy way to do it or do I have to do some kind of API hooking on CreateProcess?
In this answer I explain why there is no easy way. Another answer to that question gives you code for the closest possible solution.
You'll need to hook CreateProcess, CreateProcessAsUser, CreateJob, ShellExecute, ShellExecuteEx and maybe others.
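A polling approximation for the wrapper, added here as an example and not taken from either linked answer: walk a process snapshot by parent PID and build one ProcDump command per process in the tree. The function names, the `dumps` folder and the sample snapshot are assumptions made for illustration; unlike hooking, this misses children that start and exit between snapshots.

```python
import subprocess
from collections import defaultdict

# Constructed sample snapshot: (pid, parent_pid, creation_time). On Windows the
# same fields come from Win32_Process (ProcessId, ParentProcessId, CreationDate).
SAMPLE_SNAPSHOT = [
    (100, 4, 10.0),    # root process being wrapped
    (200, 100, 11.0),  # child
    (300, 200, 12.0),  # grandchild
    (400, 100, 5.0),   # older than PID 100: real parent exited, PID was reused
    (500, 4, 13.0),    # unrelated process
]

def descendants(snapshot, root_pid):
    """Return PIDs of all live descendants of root_pid, breadth-first."""
    created = {pid: t for pid, _, t in snapshot}
    children = defaultdict(list)
    for pid, ppid, t in snapshot:
        # A child cannot predate its parent; if it does, the parent PID
        # was recycled and the link is stale.
        if ppid in created and pid != ppid and t >= created[ppid]:
            children[ppid].append(pid)
    found, queue, seen = [], [root_pid], {root_pid}
    while queue:
        for child in children[queue.pop(0)]:
            if child not in seen:
                seen.add(child)
                found.append(child)
                queue.append(child)
    return found

def procdump_commands(snapshot, root_pid, out_dir="dumps"):
    """Build one full-memory (-ma) ProcDump command per process in the tree."""
    pids = [root_pid] + descendants(snapshot, root_pid)
    return [["procdump", "-accepteula", "-ma", str(pid), out_dir] for pid in pids]

def dump_tree(snapshot, root_pid, out_dir="dumps"):
    """Run ProcDump for the root and each descendant found in the snapshot."""
    for cmd in procdump_commands(snapshot, root_pid, out_dir):
        # A process may exit before its turn; keep going on failure.
        subprocess.run(cmd, check=False)
```

Taking a fresh snapshot and calling `descendants` again on a timer narrows the window in which a short-lived child can be missed, but does not close it.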