Поймать прибитие процесса.

В общем если это дочерний процесс, то все неплохо работает

Демо

Code (Text):

1. #include <windows.h>
2. #include <iostream>
3. #include <atomic>
4. #include <thread>
5.  
6.  
7. void WaitForDebugEvents(HANDLE hProcess) {
8.   DEBUG_EVENT debugEvent;
9.   while (true) {
10.     // Wait for a debug event
11.     if (WaitForDebugEvent(&debugEvent, INFINITE)) {
12.       // std::cout << "Catch debug Event. ThreadID: " << debugEvent.dwThreadId << std::endl;
13.       // Check event type
14.       if (debugEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT) {
15.         std::cout << "Thread terminated with exit code: " << debugEvent.u.ExitThread.dwExitCode << std::endl;
16.       }
17.       else if (debugEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT) {
18.         std::cout << "Process terminated with exit code: " << debugEvent.u.ExitProcess.dwExitCode << std::endl;
19.         break;  // Exit loop
20.       }
21.       // Process other events as needed
22.  
23.       // Continue the event to the next handler
24.       ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, DBG_CONTINUE);
25.     }
26.     else {
27.       std::cout << "Fail WaitForDebugEvent" << std::endl;
28.     }
29.   }
30. }
31.  
32. bool EnableDebugPrivilege()
33. {
34.   bool bResult = false;
35.   HANDLE hToken = NULL;
36.   DWORD ec = 0;
37.  
38.   do
39.   {
40.     if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
41.       break;
42.  
43.     TOKEN_PRIVILEGES tp;
44.     tp.PrivilegeCount = 1;
45.     if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
46.       break;
47.  
48.     tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
49.     if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
50.       break;
51.  
52.     bResult = true;
53.   } while (0);
54.  
55.   if (hToken)
56.     CloseHandle(hToken);
57.  
58.   return bResult;
59. }
60.  
61. int main() {
62.  
63.   STARTUPINFO si = { sizeof(si) };
64.   PROCESS_INFORMATION pi;
65.   ZeroMemory(&pi, sizeof(pi));
66.   // Create a child process
67.   if (!CreateProcess(
68.     L"c:\\Windows\\notepad.exe",
69.     NULL,
70.     NULL,
71.     NULL,
72.     FALSE,
73.     0,
74.     NULL,
75.     NULL,
76.     &si,
77.     &pi)) {
78.     std::cerr << "Error creating process: " << GetLastError() << std::endl;
79.     return 1;
80.   }
81.  
82.   if (EnableDebugPrivilege()) {
83.     HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pi.dwProcessId);
84.     if (!hProcess)
85.     {
86.       std::cerr << "Failed to OpenProcess for debug." << GetLastError() << std::endl;
87.     }
88.     else {
89.       if (DebugActiveProcess(pi.dwProcessId)) {
90.         std::cout << "Wait debug event .... " << std::endl;
91.         WaitForDebugEvents(hProcess);
92.       }
93.       else {
94.         std::cout << "Fail to debug process." << GetLastError() << std::endl;
95.       }
96.     }
97.     CloseHandle(hProcess);
98.   }
99.   else {
100.     std::cerr << "EnableDebugPrivilege false." << std::endl;
101.   }
102.  
103.   std::cout << "Main thread is exiting." << std::endl;
104.  
105.   return 0;
106. }