How to implement an extensible framework for hooking Win32 API functions.
API Hooking Revealed
Published 12/13/2002
The Win32 API provides a set of great libraries (PSAPI and ToolHelp [1]) that allow you to enumerate the processes currently running in the system. Although these APIs are extremely powerful, they don't let you receive notifications when a process starts or terminates. This article provides an efficient and robust technique, based on a documented interface, for achieving this goal.
Single interface for enumerating processes and modules under NT and Win9x/2K.