
Procmon

egbnt
    Posted: 14 October 2010 at 3:40pm
On a busy system, a process gets an "ENOSOCKET" error message. Using procmon, I thought I could watch the "socket()/connect()" and "closesocket()" calls in enough detail to see a specific socket closed. However, it appears procmon.exe does not log the arguments to these calls or even the socket calls themselves.

On pre-VISTA Windows operating systems, interception of "system calls" into the Kernel could be done by patching the Kernel trap tables. VISTA and successors no longer allow this, but procmon.exe was the recommended way to get the information.

Strace.exe worked on XP and before. Strace.exe logged system calls into the Kernel, the arguments of the system calls and the return values. It no longer works. In the 4 years since VISTA appeared, nothing has come along to provide the Strace function that I am aware of. The result is simple debugging questions simply cannot be answered and even Microsoft Premier Support can spend months arguing with the Microsoft customer over who closed a socket (file/mutex/...) or even whether it was closed.

Is there any chance the full "Strace" capability will ever be offered by Mr. Russinovich's utility set?