#pragma once


typedef LONG	NTSTATUS;
typedef LONG	KPRIORITY;

#define STATUS_INFO_LENGTH_MISMATCH      ((NTSTATUS)0xC0000004L)
#define SystemProcessesAndThreadsInformation	5
#define ProcessImageFileName					27

typedef NTSTATUS(NTAPI* ZWQUERYINFORMATIONPROCESS)(
	IN HANDLE ProcessHandle,
	ULONG ProcessInformationClass,
	OUT PVOID ProcessInformation,
	IN ULONG ProcessInformationLength,
	OUT PULONG ReturnLength OPTIONAL
	);

typedef BOOL(WINAPI* fnNotifyCallBack)(BOOL bCreate, DWORD dwPid, LPWSTR Path, DWORD PathLen);


class CProcessNotify
{
public:
	CProcessNotify();
	virtual ~CProcessNotify();

	virtual BOOL Start(DWORD nEnumInterval, BOOL bNotifyCurrent, fnNotifyCallBack cb, BOOL bOnce);
	virtual BOOL Finish();
	virtual BOOL OnNotify(DWORD nPid, BOOL bCreate);
	BOOL FinishPrivate();
protected:
	BOOL m_bOnce;
	HANDLE m_hThread;
	HANDLE m_hQuit;
	DWORD m_nEnumInterval;
	BOOL m_bNotifyCurrent;

	fnNotifyCallBack m_cb;

private:
	static DWORD WINAPI ProcessNotifyProc(LPVOID pArg);
	DWORD StartPrivate();

};