ProcMonDebugOutput Now on GitHub

A few years ago Mark Russinovich and I put together a feature in Sysinternals' Process Monitor where you can add tracing statements to the log. (Here’s the original post.) The idea was that by seeing your tracing in line with the wonderful Process Monitor I/O reporting, it would be easier to track down problems in your code. This is especially true when you are using 3rd-party libraries that might be hitting the disk or registry a ton.

In the original blog post I gave you the code to make this Process Monitor feature easy to use. The code works with native C++ and managed .NET applications and supports both x86 and x64. I’ve updated the code to Visual Studio 2013, fixed a minor bug, and moved it up to Wintellect’s GitHub page for your enjoyment. Grab the latest version here.

Right now I’m just providing the source code. If people need the compiled versions instead, let me know and I’ll add those as well.

John Robbins

View Comments

  • I have been unable to get this to work. I grabbed the code from github and built it. I'm using the latest procmon (3.10) and I've confirmed that ProcMonDebugOutput(), called from NativeTest, 32-bit, thinks that it is working. The DeviceIoControl call is returning 1. But nothing shows up. I have reset the procmon filters, searched for Profiling in the results, set up a filter that shows just operations that contain profiling -- nothing. It just fails. Any ideas?
    BTW, your solution is not well formed. You need to add a reference (Project-> References-> Add New Reference) from NativeTest to ProcMonDebugOutput so that ProcMonDebugOutput automatically builds. Right now if you build NativeTest individually it may fail to link. You then don't need to list ProcMonDebugOutput$(Platform).lib as a linker input -- it will be automatically found.

  • Both blog posts on this feature omit a crucial detail: by default procmon will not display these messages! With the default filters they will be hidden because procmon's default filters omit all events whose Event Class is equal to Profiling. This is mentioned in the procmon help file. You have to delete or replace that line in order to see the tracing statements.

  • John. It's probably worth mentioning that not only does procmon.exe listen on this device, but also the "enable boot logging" driver. I've enabled boot logging, run the test program and then launched procmon and the trace messages were there.
    Granted, anyone that needs that functionality probably would think to try it, but it's definitely worth mentioning that it's there.
