Declined Add an option to processmonitor to allow it to track all process starts and ends

I'd like to be able to keep track of all process starts and exits with process monitor. Currently it works like this.

processmonitor notepad.exe started forever beep 300
processmonitor notepad.exe ended forever beep 600

The following happens:


1. Run notepad and hear the 300 Hz beep.
2. Run another notepad and hear nothing.
3. Close the second notepad and hear nothing.
4. Close the first notepad and hear the 600 Hz beep.

I'd like to get notified for items 2 and 3 above also.
 
This isn't really feasible, for a couple of reasons.

1. ProcessMonitor isn't hooking every Windows process start & exit; it's reading the process list every 20ms or so and seeing if a STARTED filename has appeared or an ENDED one has disappeared. (Hooking the CreateProcess and TerminateProcess API calls is a good way to get an app flagged as malware and blocked by most AVs.)
2. ProcessMonitor could potentially determine that a second (or third, fourth, ...) process of the same name has started / ended, but it's unlikely you'll be able to do anything with the information, since the command variables containing the process name & id are going to be overwritten within a few ms by the next matching process.

If you knew that you'd only have two processes, you could do:

processmonitor notepad.exe started forever beep 300
processmonitor notepad.exe started forever beep 300
processmonitor notepad.exe ended forever beep 600
processmonitor notepad.exe ended forever beep 600

But that's going to get pretty unwieldy for an n-process solution.
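
The difference between polling by file name and polling by process instance, as an added example that is not part of the thread and is not TCC's own code. The `Proc` tuple, the function names and the snapshots are constructed for illustration; a real poller would fill each snapshot from the OS process list, and a process that starts and exits between two polls is invisible to either detector.

```python
from collections import namedtuple

# One row of a process-list snapshot. start_time distinguishes a reused PID.
Proc = namedtuple("Proc", "pid name start_time")

def name_events(prev, curr, name):
    """Name-presence polling: fires only when the first instance appears
    or the last one disappears (the behaviour described in the thread)."""
    was = any(p.name == name for p in prev)
    now = any(p.name == name for p in curr)
    if now and not was:
        return ["started"]
    if was and not now:
        return ["ended"]
    return []

def instance_events(prev, curr, name):
    """Per-instance polling: diff the sets of (pid, start_time) keys."""
    old = {(p.pid, p.start_time) for p in prev if p.name == name}
    new = {(p.pid, p.start_time) for p in curr if p.name == name}
    events = [("ended", pid) for pid, _ in sorted(old - new)]
    events += [("started", pid) for pid, _ in sorted(new - old)]
    return events

def replay(snapshots, detector, name):
    """Run a detector over consecutive snapshot pairs."""
    out = []
    for prev, curr in zip(snapshots, snapshots[1:]):
        out.extend(detector(prev, curr, name))
    return out

# Constructed snapshots reproducing steps 1-4 of the first post, plus a
# PID reused between two polls (last two snapshots).
SNAPSHOTS = [
    [],
    [Proc(4100, "notepad.exe", 10)],
    [Proc(4100, "notepad.exe", 10), Proc(5200, "notepad.exe", 20)],
    [Proc(4100, "notepad.exe", 10)],
    [],
    [Proc(6300, "notepad.exe", 30)],
    [Proc(6300, "notepad.exe", 45)],   # same PID, different process
]

if __name__ == "__main__":
    print(replay(SNAPSHOTS, name_events, "notepad.exe"))
    print(replay(SNAPSHOTS, instance_events, "notepad.exe"))
```

Keying on the PID alone would miss the last transition, where one process exits and another takes the same PID before the next poll.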
 