Linked by Thom Holwerda on Tue 27th May 2008 10:36 UTC, submitted by Pierre
Mark Russinovich and Bryce Cogswell have released a new version of a real-time process monitor for Windows (tentatively called 'Process Monitor') that combines the features of Regmon and Filemon. There is a whole set of new features too, of course.
windows tracing
by project_2501 on Tue 27th May 2008 11:14 UTC
project_2501
Member since:
2006-03-20

Tracing for windows would be very useful and I haven't yet found a tool that will allow me to do it.

By tracing I mean the level of detail that tracing on Linux/BSD/Solaris allows. This includes:
* what calls what (incl external libraries and system calls)
* how long did it spend in that call
* what state is it in (sleep, wait_io, etc)

Showing a list of files open or seeing the memory consumption is not enough.

I believe Microsoft doesn't want to open up too much access but surely something more useful than "list open files, show registry access" is warranted in the 21st century!

Dtrace for windows would be brilliant, and possibly embarrassing too. I see that Apple have tried to cripple it to save blushes: http://blogs.sun.com/ahl/date/20080118

Reply Score: 3

RE: windows tracing
by Laurence on Tue 27th May 2008 13:48 UTC in reply to "windows tracing"
Laurence Member since:
2007-03-26

Tracing for windows would be very useful and I haven't yet found a tool that will allow me to do it.
[snip]


There were MS tools available which did most of those points - though the tools were only included with Visual Studio AFAIK

I can't imagine many people (other than developers) would want such a verbose breakdown though

Edited 2008-05-27 13:49 UTC

Reply Score: 3

RE: windows tracing
by Bit_Rapist on Tue 27th May 2008 18:44 UTC in reply to "windows tracing"
Bit_Rapist Member since:
2005-11-13

Tracing for windows would be very useful and I haven't yet found a tool that will allow me to do it.

By tracing I mean the level of detail that tracing on Linux/BSD/Solaris allows. This includes:
* what calls what (incl external libraries and system calls)
* how long did it spend in that call
* what state is it in (sleep, wait_io, etc)


You want Windbg, not process monitor.

http://www.microsoft.com/whdc/devtools/debugging/default.mspx

Reply Score: 2

Good Tool
by rexstuff on Tue 27th May 2008 13:27 UTC
rexstuff
Member since:
2007-04-06

I've been using this tool (during the limited time I spend in Windows) for some months now, and I highly recommend it to any power user. It's great - you can even replace the classic Task Manager, so when you do the three finger salute (ctrl+alt+del), up comes this much more useful and informative tool.

It may not have all the features of the CLI tools available to pretty much any *Nix, but it's definitely a step up.

Reply Score: 2

RE: Good Tool
by Moocha on Tue 27th May 2008 16:52 UTC in reply to "Good Tool"
Moocha Member since:
2005-07-06

I've been using this tool (during the limited time I spend in Windows) for some months now, and I highly recommend it to any power user. It's great - you can even replace the classic Task Manager, so when you do the three finger salute (ctrl+alt+del), up comes this much more useful and informative tool.

It may not have all the features of the CLI tools available to pretty much any *Nix, but it's definitely a step up.


You're thinking of Process Explorer, to be found at

http://www.microsoft.com/technet/sysinternals/Security/ProcessExplo...

The post is about Process Monitor. Similar names, different tools with different purposes.

Reply Score: 1

RE[2]: Good Tool
by rexstuff on Tue 27th May 2008 17:43 UTC in reply to "RE: Good Tool"
rexstuff Member since:
2007-04-06

Oh wow, you're right - I have been completely fooled. Same look, same source, same group of people, no less.

Though I will withdraw my recommendation for 'Process Monitor', as I have never used it, I will now extend my recommendation for 'Process Explorer'.

They do serve somewhat similar purposes, though, and have a similar look and are by the same people, so I wouldn't really say that they are 'different tools with different purposes'. An honest mistake?

Reply Score: 2

No point
by FunkyELF on Tue 27th May 2008 14:59 UTC
FunkyELF
Member since:
2006-07-26

In my opinion there is no point in having a good process monitor for an operating system that doesn't manage processes properly, which is the one thing OS's should do correctly.

Great, a process is hogging the CPU, I want to kill it. How do you start up your process monitor? In Windows every time that happens I hit ctrl-shift-esc to bring up the task manager and it doesn't show up until the process is done hogging the CPU. That, or it takes 2 minutes for it to come up, then you kill the process 20 times over the next 2 minutes before it actually stops. I'm pretty sure these are fundamental problems in Windows itself and using a different process monitor won't help. I've used process explorer and it's nice to find which process has a file handle preventing you from deleting or renaming a directory but it's no better at killing processes.

With Linux if anything other than X freezes or is hogging your CPU you can still fire up a terminal and run xkill without waiting much time at all. If X freezes you can ctrl-alt-f1 and kill the process manually and most times you don't even need to restart X.

So, what I'm saying is that there are fundamental process handling problems with Windows XP that didn't get fixed in Vista....but ooohh is it shiny!

Reply Score: 1

RE: No point
by b0ne on Tue 27th May 2008 15:21 UTC in reply to "No point"
b0ne Member since:
2006-05-19

Both Process Explorer and Task Manager run at the "real time" process priority (ie: it gets scheduled before almost everything else), so it usually takes a few milliseconds to come up even in a heavy load environment, not several minutes.

As for terminating the process, you can use command line tools from sysinternals (see: pskill) or tasklist and taskkill which are built in to XP and newer.

Reply Score: 3

RE[2]: No point
by Moocha on Tue 27th May 2008 16:56 UTC in reply to "RE: No point"
Moocha Member since:
2005-07-06

Both Process Explorer and Task Manager run at the "real time" process priority (ie: it gets scheduled before almost everything else)

No, they do not run using the Realtime priority class. By default they both run at High priority.

so it usually takes a few milliseconds to come up even in a heavy load environment, not several minutes.

CPU load, yes. I/O load, no. If a runaway process eats up all your disk bandwidth, it can take minutes for the OS to read in the text pages from an executable, be it even the smallish taskmgr.exe.

Reply Score: 2

RE: No point
by Bit_Rapist on Tue 27th May 2008 18:38 UTC in reply to "No point"
Bit_Rapist Member since:
2005-11-13

In my opinion there is no point in having a good process monitor for an operating system that doesn't manage processes properly, which is the one thing OS's should do correctly.

Process monitor is not a program you start when you have a hung process. It's a tool you use when you need to investigate what a process may be doing in realtime [not exactly realtime but a trail of what the process has done].

If you have a hung process, it's a little late to start process monitor. You might start process monitor and then try to recreate the issue to investigate a possible root cause, but starting process monitor in response to a hanging process will generally yield few results.

Edited 2008-05-27 18:40 UTC

Reply Score: 4

RE: No point
by stabbyjones on Wed 28th May 2008 02:50 UTC in reply to "No point"
stabbyjones Member since:
2008-04-15

if you try and close things from the applications tab in windows task manager it can take multiple tries. this is because it's trying to close the program not kill it.

closing from the processes tab is a one time kill.

applications is the junkie with a flick knife and processes is the sniper. i don't know many people who use the task manager for any more than restarting explorer so this may be a bit of overkill.

Reply Score: 1

Comment by Luminair
by Luminair on Tue 27th May 2008 16:33 UTC
Luminair
Member since:
2007-03-30

not sure why their process monitor app exists separately from their process explorer app

Reply Score: 2
