我在想，如果有一种方法，我可以勾了Windows进程，以检查是否有可疑的程序都一样（Wireshark的，提琴手，OllyDbg的，等等）上运行。

I was wondering if there is a way I could hook the windows processes to check if any suspicious programs are running like (Wireshark, Fiddler, OllyDBG, etc).

我要挂钩的Windows进程，因此将关闭客户端或弹出实时信息检测到有害的程序时。

I want to hook the windows processes so it will close the client or pop-up a message in real time when it detects a unwanted process.

如果你们能为我提供做这个的任何链接，将是很好的。

If you guys can provide me with any links to doing this that would be nice.

谢谢！

推荐答案

您可以检测过程中的创作通过使用WMI创造事件的 的Win32_Process 。 的Win32_Process 与每个进程创建的，因此寻找新的实例会告诉你有关进程创建的（近）实时的实例。

You can detect process creations by using WMI creation events for Win32_Process. An instance of Win32_Process is created with each process, so looking new instances will tell you about process creation in (near) real time.

要获得WMI创建事件看到这个页面： HTTP：/ /msdn.microsoft.com/en-us/library/system.management.eventquery.aspx 。（编辑：不同的链接，现在在C＃示例）

To receive WMI creation events see this page: http://msdn.microsoft.com/en-us/library/system.management.eventquery.aspx ( different link, now to sample in C#).