

The reason other solutions here work is because sometimes the filename of the driver will increment (it's at PROCMON24.SYS right now). If it deletes it successfully, then it may have been corrupt and the next time you run Process Monitor it'll work by re-installing it. If it denies access because it's open in another process, that's definitely the issue. If you want to find out if this is the case, delete that driver file (Process Monitor automatically re-installs it when it runs).

The solution is to open Task Manager and kill Process Monitor to solve the issue. It probably failed to cleanly exit last time and just got stuck. It would also be nice if it did not require administrative privileges. If you ran it successfully before and are having issues now, then the most common issue is that the procmonXX.sys driver inside of C:\Windows\System32\drivers is locked up by another process, specifically a zombie process of Process Monitor. Another requirement which I didn't really state is that speed is fairly important: I was planning on doing this for things like compiling a C++ file, and pulling up a full GUI which generates a 20 MB logfile will have prohibitive overhead. I'm really only interested in what files are opened, and if they are opened for read/write or just read. If I narrow down my requirements even further, it is probably enough to be able to monitor calls to CreateFile().

I'm aware of Process Monitor, but I would like to receive the data in a form which I can import into another program for further analysis. I want to do this programmatically from another process. I'm primarily interested in running a process and figuring out which files it has read and written. On Linux I can probably get away with using strace with suitable parameters, but how can I do this on Windows? I would like to be able to monitor certain system calls made by a process, primarily file I/O calls.
