Monitor Windows Events (Like ProcMon)

  • Question

  • Hi Guys !

    As IT staff we always face some unexpected behavior caused by interactions between the system and applications, so I wonder if a script can be made to target a specific process and watch all its events, interactions and operations. Just like ProcMon but more flexible and specific.

    I mean, how exactly does ProcMon work and which commands is it using?

    Thanks.

    Thursday, August 9, 2018 8:21 AM

Answers

  • Yes. You can write a program to do what procmon does but you cannot write it in PowerShell or a scripting language.

    To do what procmon does you have to access Windows at a very low level.  This can only be done with APIs that are not available from dotNet.


    \_(ツ)_/

    • Marked as answer by DragoMax Thursday, August 9, 2018 2:36 PM
    Thursday, August 9, 2018 2:25 PM
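    As an added illustration (this is not code from anyone in the thread), here is the part of the picture a script can reach from user mode: the kernel's process-notification callbacks are surfaced through the WMI classes Win32_ProcessStartTrace and Win32_ProcessStopTrace, so PowerShell can subscribe to start/stop events for one image name. The per-operation file, registry and network trace that ProcMon shows comes from its own kernel minifilter driver and is not available through these classes. The image name and duration are assumptions; the *Trace classes require an elevated session.

```powershell
# Added example, not from the thread. Subscribes to process start/stop events for
# one image name via WMI trace classes (kernel process-notify callbacks exposed
# through WMI). Run from an elevated PowerShell session.
# Per-operation file/registry/network activity, as shown by ProcMon, is produced
# by its kernel minifilter driver and is NOT available from these classes.
param(
    [string]$ProcessName     = 'notepad.exe',  # assumed target image name
    [int]   $DurationSeconds = 60               # assumed watch window
)

# Thread-safe sink shared with the event handlers through -MessageData.
$log = [System.Collections.ArrayList]::Synchronized([System.Collections.ArrayList]::new())

# Handler runs for every matching event; $Event.SourceEventArgs.NewEvent is the
# Win32_ProcessStartTrace / Win32_ProcessStopTrace instance.
$handler = {
    $e    = $Event.SourceEventArgs.NewEvent
    $kind = if ($e.CimClass.CimClassName -eq 'Win32_ProcessStartTrace') { 'START' } else { 'STOP' }
    $line = '{0} {1,-5} {2} PID={3} PPID={4} Exit={5}' -f (Get-Date -Format 'o'),
            $kind, $e.ProcessName, $e.ProcessID, $e.ParentProcessID, $e.ExitStatus
    [void]$Event.MessageData.Add($line)
    Write-Host $line
}

# One subscription per event class, both filtered on the image name.
$startQuery = "SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = '$ProcessName'"
$stopQuery  = "SELECT * FROM Win32_ProcessStopTrace  WHERE ProcessName = '$ProcessName'"

Register-CimIndicationEvent -Query $startQuery -SourceIdentifier 'ProcStart' `
    -MessageData $log -Action $handler | Out-Null
Register-CimIndicationEvent -Query $stopQuery  -SourceIdentifier 'ProcStop'  `
    -MessageData $log -Action $handler | Out-Null

try {
    # Events are delivered to the handlers while the script sleeps.
    Start-Sleep -Seconds $DurationSeconds
}
finally {
    # Always tear the subscriptions down, even on Ctrl+C.
    Unregister-Event -SourceIdentifier 'ProcStart', 'ProcStop' -ErrorAction SilentlyContinue
    Get-Job -Name 'ProcStart', 'ProcStop' -ErrorAction SilentlyContinue | Remove-Job -Force
}

# Emit everything collected during the window as the script's output.
$log
```

    Running this while starting and closing the named program prints one START line with the new PID and parent PID and one STOP line with the exit status. Anything finer-grained than process lifecycle (individual ReadFile, RegQueryValue or TCP operations) needs a kernel component, which is the point the accepted answer makes.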

All replies

  • That is not how Windows works.  Windows processes are not commands. They are raw computer code.  Binary.  You cannot easily monitor with any scripting engine.  That is why we have procmon.


    \_(ツ)_/

    Thursday, August 9, 2018 9:58 AM
  • Yes, exactly, and I suppose if the question had been asked before procmon existed the answer would have been that it is impossible to create such a program.. but my question is how procmon actually works, how it accesses that sort of information.

    Thanks

    Thursday, August 9, 2018 11:51 AM