Log in

View Full Version : Filemon + Regmon, now Processmon

Silver
November 10th, 2006, 05:56
A new release of the Jamaican tools, the first Microsoftization of Sysinternals.

Quote:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon


http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx
dELTA
November 10th, 2006, 06:08
Just saw it too and was gonna post about it, but you beat me to it. Looks quite sweet anyway!
Vrane
November 10th, 2006, 06:51
nice..
Silkut
November 10th, 2006, 12:01
Heavy but hell, nice.
Kayaker
November 10th, 2006, 12:09
Quote:
[Originally Posted by Silver]A new release of the Jamaican tools, the first Microsoftization of Sysinternals.


Or how about the Sysinternalization of Microsoft?
It's really weird seeing the Windows logo proudly emblazened at the new Sysinternals "Home Page". .

eerr, Jamaican tools??
JMI
November 10th, 2006, 15:59
Yep! very wierd.

Regards,
Silver
November 11th, 2006, 10:53
Quote:
eerr, Jamaican tools??


Reg, mon! File, mon! Process, mon! Jamaica, mon!

If ever there was a stereotype...
naides
November 11th, 2006, 11:07
Quote:
[Originally Posted by Silver]Reg, mon! File, mon! Process, mon! Jamaica, mon!

If ever there was a stereotype...

Yah mon!
dELTA
November 11th, 2006, 19:02
JMI
November 11th, 2006, 20:32
Very mon sing it out now mon!

Regards,
naides
November 14th, 2006, 17:31
Reminds me of the local name for a Jamaican Proctologist:

Pokey Mon
dELTA
November 15th, 2006, 04:10
On a more serious note, it bugchecked/BSOD'd my computer (VMware machine) when I started it yesterday.

Error code 0000007f, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.

Any such instability for anyone else?
blabberer
November 15th, 2006, 09:53
7f i saw it recently somewhere must be some infamous hacks operating inside
instant death

Quote:

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
autarky
November 15th, 2006, 11:08
That appears to have been caused by a divide-by-zero error being trapped. I haven't had any similar problems when running it, though I don't use VMWare. I typically expect 0x7f bugchecks to be caused by a double fault, as that is typically caused by overflowing the kernel stack.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/prork/prhd_exe_jadf.mspx?mfr=true
o_o
November 16th, 2006, 12:32
Hmhmhm it happened to me twice after i installed processmon. Even when it wasn't running. Maybe a bugged driver??
disavowed
November 20th, 2006, 11:27
Are you using the latest version (1.01)?
dELTA
November 20th, 2006, 13:54
Yes.