ProcessMonitor

#1
I was trying out the ProcessMonitor command and it did things that I didn't expect.

Contents of Test.btm:

PROCESSMONITOR * STARTED FOREVER start c:\TC\Started.btm
PROCESSMONITOR * ENDED FOREVER start C:\tc\ended.btm



Contents of Started.btm:

@echo off
echo Process Started
echo Name: %_processname%
echo PID: %_processpid%
echo Count: %_processcount%
pause
exit



Contents of Ended.btm:

@echo off
echo Process Ended
echo Name: %_processname%
echo PID: %_processpid%
echo Count: %_processcount%
pause
exit


When I run Test.btm I get a new TCC window popup with the following:


TCC 12.00.32 Windows XP [Version 5.1.2600]
Copyright 2010 Rex Conn & JP Software Inc. All Rights Reserved
Registered to Craig Gunhouse - 1 System License

Process Started
Name: smss.exe
PID: 852
Count:
Press any key when ready...


Which is a process that is already running with a pid of 852 and the value for _processcount is empty. Does "STARTED" on the ProcessMonitor command mean it should watch for a process with that name starting or check for one that is already running?

From what I coded above, I thought I was monitoring for any new processes starting and any process ending. Am I wrong in my understanding of the syntax of the PROCESSMONITOR command? If I start a new process or kill a process nothing seems to happen.

Craig
 

rconn

#2
PROCESSMONITOR will trigger the first time if the process is already running. This is WAD, as otherwise there's no way to detect if the new process started just as the PROCESSMONITOR command was being initialized (for example, at system startup).

However, it's a REALLY bad idea to use "*" as the process name, as at times your system is going to end up triggering PROCESSMONITOR many times per second, and I really don't think you want (1) the overhead, and (2) a few thousand TCC processes popping up.
 
#3
When I ran the code listed previously, only the following displayed:

TCC 12.00.32 Windows XP [Version 5.1.2600]
Copyright 2010 Rex Conn & JP Software Inc. All Rights Reserved
Registered to Craig Gunhouse - 1 System License
Process Started
Name: smss.exe
PID: 852
Count:
Press any key when ready...


There was nothing else, none of the few thousand TCC processes you mentioned.

Craig
 

rconn

#4
Try it with a more rational sample syntax:

PROCESSMONITOR c:\windows\system32\cmd.exe STARTED FOREVER start Started.btm
PROCESSMONITOR c:\windows\system32\cmd.exe ENDED FOREVER start ended.btm

Then start & end CMD.EXE -- you should see both batch files execute.
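
The trigger behaviour discussed in this thread can be modelled with a small snapshot-diffing monitor. This is an added example in Python, not code from the thread or from JP Software, and not TCC's implementation; the function name, the `fire_on_existing` switch, the fnmatch-style wildcard matching and the process snapshots are all assumptions constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed process-table snapshots ({pid: image name}), oldest first.
# cmd.exe (PID 4120) is already running when the monitor takes its first look.
SNAPSHOTS = [
    {852: "smss.exe", 4120: "cmd.exe"},
    {852: "smss.exe", 4120: "cmd.exe", 5000: "notepad.exe"},
    {852: "smss.exe", 5000: "notepad.exe"},  # cmd.exe has exited
]


def monitor(snapshots, pattern, fire_on_existing=True):
    """Replay snapshots and return (event, name, pid) tuples.

    pattern is a process name or wildcard, matched case-insensitively
    (an assumption of this model). With fire_on_existing=False, processes
    present in the very first snapshot never produce a STARTED event.
    PID reuse between snapshots is ignored to keep the model small.
    """
    events = []
    known = {}
    for index, snap in enumerate(snapshots):
        # New PIDs that match the pattern are reported as STARTED.
        for pid, name in snap.items():
            if pid not in known and fnmatch(name.lower(), pattern.lower()):
                if index > 0 or fire_on_existing:
                    events.append(("STARTED", name, pid))
        # PIDs that vanished since the previous snapshot are reported as ENDED.
        for pid, name in known.items():
            if pid not in snap and fnmatch(name.lower(), pattern.lower()):
                events.append(("ENDED", name, pid))
        known = dict(snap)
    return events


if __name__ == "__main__":
    # Named process, first-scan trigger on: start and end are both seen.
    print(monitor(SNAPSHOTS, "cmd.exe"))
    # First-scan trigger off: the process ends without ever being reported.
    print(monitor(SNAPSHOTS, "cmd.exe", fire_on_existing=False))
    # Wildcard: every process start and end on the system becomes an event.
    print(monitor(SNAPSHOTS, "*"))
```

With the first-scan trigger disabled, the model reports an ENDED event for a process it never reported as STARTED, which is the gap the initial trigger closes.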