Documentation on how to read the Process Monitor logs

  • Question

  • I am looking for some guidance on how to read the Process Monitor logs to identify the problem with Application freezing issues. 
    Monday, November 12, 2018 10:04 AM

All replies

  • You may need more than just Process Monitor unless you have a really good understanding of the application in question. 

    I would suggest the following logs should cover everything:

    1. Enable as much trace logging of the application in question.  You might need to consult with Support of the application in question.  Hopefully this will give you thread IDs and possibly PIDs if needed in the logs of the application assuming it has logging.
    2. Run Process Monitor of course but also add profiling events every 100 ms.
    3. Run Windows Performance Analyzer (part of the SDK) to capture an ETL trace of the issue.
    4. Maybe a few dumps using procdump when it has hung would also be good.  procdump.exe -ma process.exe
    5. Wireshark may also be useful if the application appears to be hanging as a result of network activity.  If the application uses loopback, then I would suggest using rawcap.exe to capture loopback as it's more lightweight than Message Analyzer.

    An initial task would be to follow the thread IDs in the PML and the trace logging of the application.

    Comparing a working set of logs against the freezing set could be helpful if that is an option.
    Friday, November 23, 2018 11:22 AM
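
One way to follow thread IDs through a Process Monitor capture, as an added example that is not part of the original thread: it reads a PML saved as CSV and reports, per thread of one PID, the longest silence and the operation that preceded it. It assumes the optional TID column was enabled before export and that "Time of Day" uses the 12-hour format; the function names, the sample rows and the profiling operation names are assumptions.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed sample of a Process Monitor CSV export with the optional TID column
# shown. Process names, paths and times are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","TID","Operation","Path","Result","Detail"
"10:04:01.1000000 AM","app.exe","4120","5001","ReadFile","C:\Data\a.db","SUCCESS",""
"10:04:01.1500000 AM","app.exe","4120","5002","RegQueryValue","HKCU\Software\App\Opt","SUCCESS",""
"10:04:01.3000000 AM","app.exe","4120","5001","CreateFile","\\fileserver\share\cfg.ini","SUCCESS",""
"10:04:02.0000000 AM","other.exe","900","77","ReadFile","C:\x.log","SUCCESS",""
"10:04:02.1500000 AM","app.exe","4120","5002","RegQueryValue","HKCU\Software\App\Opt","SUCCESS",""
"10:04:05.0000000 AM","app.exe","4120","5001","Thread Profile","","SUCCESS",""
"10:04:09.8000000 AM","app.exe","4120","5001","CloseFile","\\fileserver\share\cfg.ini","SUCCESS",""
"10:04:20.0000000 AM","other.exe","900","77","ReadFile","C:\x.log","SUCCESS",""
'''

# Assumed names of the periodic profiling events; they are sampled on a timer,
# so they are skipped when looking for silence in a thread's own activity.
PROFILING_OPS = frozenset({"Thread Profile", "Process Profiling"})

def parse_time(text):
    """Parse '10:04:01.1234567 AM' (7 fractional digits; strptime accepts 6)."""
    clock, _, ampm = text.partition(" ")
    hms, _, frac = clock.partition(".")
    return datetime.strptime(f"{hms}.{frac[:6] or '0'} {ampm}", "%I:%M:%S.%f %p")

def longest_gaps(csv_text, pid, ignore_ops=PROFILING_OPS):
    """Return {tid: (longest_gap, row_before_gap)} for the threads of one PID."""
    last, worst = {}, {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["PID"] != str(pid) or row["Operation"] in ignore_ops:
            continue
        tid, now = row["TID"], parse_time(row["Time of Day"])
        if tid in last:
            gap = now - last[tid][0]
            if tid not in worst or gap > worst[tid][0]:
                worst[tid] = (gap, last[tid][1])  # remember what ran before the silence
        last[tid] = (now, row)
    return worst

def stalled_threads(csv_text, pid, threshold=timedelta(seconds=2)):
    """List (tid, gap, operation, path) for threads silent at least `threshold`."""
    gaps = longest_gaps(csv_text, pid)
    hits = [(t, g, r["Operation"], r["Path"]) for t, (g, r) in gaps.items() if g >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)
```

For a real export, read the file with `encoding="utf-8-sig"` so a leading byte-order mark does not corrupt the first column name, then match the reported TIDs against the application's own trace log.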