Tuesday, August 14, 2007

 

Process Monitor: RegMon and FileMon Combined!

FileMon and RegMon (originally from SysInternals) have long been essential debugging tools in every developers toolkit. [If you are unfamiliar with these two tools, they monitor and report file and registry reads and writes. They were essential in tracking down incorrectly set permissions or overwritten or missing registry keys]

RegMon and FileMon could produce a huge amount of process trace data and consequently had a learning curve to make them effective.

Until recently they were separate tools. They have been combined into Microsoft’s Process Monitor tool, which integrates the functionality of FileMon and RegMon into a unified debugger, along with numerous significant enhancements. Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was rewritten from the ground up. The new tool has improved filtering options that preserve data, and better highlighting. Process Monitor logs processes and threads, collects more information, shows calling thread stacks for every event, and provides numerous ways to view collected data. The full list of enhancements is available on the download page.

Process Monitor (v1.21) is freeware and can be downloaded from http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx

Other useful links are the windows debugging tools (required for the symbols, if you want to examine system calls): http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Mark Russinovich delivers an excellent TechNet video “Advanced Windows Troubleshooting with Sysinternals Process Monitor” here.

# posted by Mitch Wheat @ 9:57 pm

0 Comments:

Post a Comment



<< Home
    

Powered by Blogger