This post was inspired by fantastic news I heard over at the blog of John Robbins of Wintellect. John collaborated with Mark Russinovich. Mark made it possible for Process Monitor [ProcMon] to collect events reported by an application, and John wrapped a nice API that can be used from either native or managed code.

Quick Resource Box
* John Robbins' blog
* Mark Russinovich
* Process Monitor
* DebugView

The rest of the post is a simple walkthrough of using the API and collecting the events in Procmon.

Step-by-Step Walkthrough

* Step 1 – Compile solution. John shares the source code. Download it here. It is a Visual Studio 2008 project, and it can also be compiled with Visual Studio 2010. I used VS 2010 RC. The result is 3 binaries:
o ProcMonDebugOutputx64.dll – native-code DLL that reports events to Procmon on a 64-bit machine for 64-bit processes.
o ProcMonDebugOutputx86.dll – native-code DLL that reports events to Procmon on a 32/64-bit machine for 32-bit processes.
o Sysinternals.Debug.dll – managed-code DLL that calls either of the above, depending on the process that runs it.
* Step 2 – Report events from your app. When using it from managed code, call System.Diagnostics.Trace.WriteLine("your message to procmon"). I use it massively when inspecting performance issues. I usually collect the messages with another free xcopy tool from Sysinternals – DebugView. Remember to put the three DLLs created in Step 1 into your bin folder.
* Step 3 – Configure trace listener in config file. John implemented a trace listener in his Sysinternals.Debug.dll. The following configuration enables it to collect events from the application and pass them to Procmon:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.diagnostics>
    <trace autoflush="true">
      <listeners>
        <add name="procmon" type="Sysinternals.Debug.ProcessMonitorTraceListener, Sysinternals.Debug"></add>
      </listeners>
    </trace>
  </system.diagnostics>
</configuration>

* Step 4 – Test the solution. Test the solution by running Procmon and then your application. Make sure the “Show Profiling Events” button is pressed on the toolbar. For test purposes I have implemented code that issues web requests to microsoft.com and prints out the response. Note, the code is for demo only – it’s not optimized for performance and reliability.

Read more: Alik Levin's
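
A minimal managed-code caller for Steps 2 to 4, as an added example that is not the code from the original post or from John Robbins' project. It assumes the Step 3 configuration is in the application's config file and the three DLLs are in the bin folder; the class name, the Timed helper, the message format and the workload are made up for illustration.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;

// Added example, not the original post's demo code.
// Assumes the Step 3 config is in place, so a listener named "procmon" is
// loaded into Trace.Listeners. Trace.WriteLine calls are compiled in only
// when the TRACE symbol is defined (the Visual Studio project default).
internal static class ProcmonTraceDemo
{
    // Hypothetical helper: writes begin/end markers around a unit of work so
    // its duration can be read next to the file and registry events it caused.
    private static void Timed(string name, Action work)
    {
        Trace.WriteLine("BEGIN " + name);
        Stopwatch sw = Stopwatch.StartNew();
        try
        {
            work();
        }
        finally
        {
            sw.Stop();
            // Operation name and duration only: Procmon traces get saved and
            // shared, so request bodies, tokens and passwords stay out of them.
            Trace.WriteLine("END " + name + " elapsed_ms=" + sw.ElapsedMilliseconds);
        }
    }

    private static int Main()
    {
        // Without the config entry the messages reach only the default
        // listener (visible in DebugView), so stop early in that case.
        if (Trace.Listeners["procmon"] == null)
        {
            Console.Error.WriteLine("Trace listener 'procmon' is not configured.");
            return 1;
        }

        // Constructed workload standing in for the operation being measured.
        Timed("sleep-250", () => Thread.Sleep(250));
        Timed("temp-file", () => File.WriteAllText(Path.GetTempFileName(), "demo"));
        return 0;
    }
}
```

With Procmon capturing and “Show Profiling Events” pressed, the BEGIN/END lines for temp-file appear around the file events the write produces.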