The (now classic) Process Monitor tool from Sysinternals allows watching important activities on a system: process and thread creation/termination, image loading/unloading, file system operations and registry operations (and some profiling events). This tool helped me many times in diagnosing issues or just understanding what’s going on in a particular scenario.

Yesterday I released the first preview of a tool called Process Monitor X (ProcMonX), as a possible alternative to ProcMon. ProcMonX provides information on similar activities to ProcMon, but adds many more events, such as networking, ALPC and memory. In fact, the number of possible events is staggering, since there are many events exposed by the NT kernel provider, and the tool could be expanded to include other providers. So why doesn’t ProcMon provide the same range of events?