capjas.blogg.se

Sysinternals registry monitor








Registry: Logs all Registry operations and displays Registry paths using conventional abbreviations for Registry root keys (e.g. HKEY_LOCAL_MACHINE is represented as HKLM).

File system: Displays file system activity for all Windows file systems, including local storage and remote file systems.

Network: Traces and records TCP and UDP activity using Event Tracing for Windows (ETW). Each network operation includes the source and destination addresses, as well as the amount of data sent or received, but does not include the actual data.

Process: Tracks all process and thread creation and exit operations as well as DLL and device driver load operations.

Profiling: Scans all the active threads in the system and generates a profiling event for each one that records the kernel and user CPU time consumed, as well as the number of context switches executed, by the thread since its previous profiling event. Note: the System process is not included in profiling.

It would also be nice if it did not require administrative privileges.

Real-time display of all local file and registry activity, some network activity, by process

Filter on any element of captured activity, ex: by process, file path, registry key name

Combination of previous tools File Monitor and Registry Monitor

Another requirement which I didn't really state is that speed is fairly important; I was planning on doing this for things like compiling a C++-file, and pulling up a full GUI which generates a 20 MB logfile will have prohibitive overhead.


I'm really only interested in what files are opened, and if they are opened for read/write or just read. If I narrow down my requirements even further, it is probably enough to be able to monitor calls to CreateFile().


I'm aware of Process Monitor, but I would like to receive the data in a form which I can import into another program for further analysis. I want to do this programmatically from another process.

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information.

I'm primarily interested in running a process and figuring out which files it has read and written. On Linux I can probably get away using strace with suitable parameters, but how can I do this on Windows? I would like to be able to monitor certain system calls made by a process, primarily file I/O calls.








