With this data, and taking selective stack trace entries, it’s very easy to convert it to a timeline that resembles a log from an API Monitor…Ĭ:\Users\user\AppData\Local\Temp\Procmon64.exe The first one includes a list of processes and their properties:Īnd the second one lists the actual events:įollowed by the stack trace – all frames one bye one: It includes sections for process list and events. The second feature is the export to XML that may include the aforementioned stack trace (tick the ‘Resolve stack symbols’ as well – it will resolve addresses to actual function names if these are available in symbols). One possibility is that the original exe tries to launch the generated exe, fails quietly (no event logs either) and throws up a dialog before exiting.This is pretty cool as it helps researches to find out where the possible access to an interesting object (a key, a file, etc.) comes from -i.e. Now, why the installation process on 64bit Windows should be so inscrutable is anyone’s guess. The process monitor is a wonderful tool both in terms of its performance and user interface: I especially liked its Filter dialog which shows years of experience debugging Windows applications. I took the advice of others and copied over ProcMon64.exe to another directory. Googled and found that procmon.exe has an embedded resource with its 64bit version and spits this resource out as a hidden file in the temp directory (in my case c:\temp\procmon64.exe). I tried it a couple of times and then put on my thinking hat. On clicking OK it vanished and nothing happened. On running procmon I got this strange looking dialog: the kind I might create as a debug alert during development! I downloaded and extracted the procmon.exe. It was dated March 27th 2013 and hence very recent.
While struggling with a Python GStreamer installation on my Windows 7 machine I downloaded the Process Monitor tool from Technet ( ).
0 kommentar(er)
