Process Monitor (v1.01) and Web Site Updates



 


Mark and Bryce have fixed a bug in Process Monitor that prevented it from working on some non-US English (localized) versions of XP. Thanks for your help debugging this!


 


Check out this blog on Process Monitor: Filemon + Regmon = Process Monitor 1.0. It enumerates many of the displayed operations.


 



Site Updates:


 


Thanks for all the feedback and help finding issues with this new site! Here’s what’s been updated in the past 48 hours alone. The biggest update in the addition of the ‘Utilities Index’ page and the addition of utility version/date info to this page.




  • Update version on Process Explorer page to 10.21 (twice: first edit was wrong)


  • Delete all versioning info before version 10.1 on Process Explorer


  • Update Speaking Schedule page


  • Correct PSTools announcement for PsShutdown.


  • Code Sign and Upload new DebugView binaries.


  • Hover menus don’t work for FireFox so a Utilities Index page needs to be created


  • Fix spaces between ProcessMonitor and ProcessExplorer in TOC


  • Typo on Process Monitor page (procexp.exe should be procmon.exe)


  • Add hyperlinks to Utilities Pages on Sysinternals blog


  • Add hyperlink to Sysinternals TechCenter on Sysinternals blog announcement


  • Update 2003 to 2003 SP1 on Process Monitor page


  • Fix typo on Utilities, File & Disk, and Security Index pages (AccessChk)


  • Fix main page title to read ‘Windows Sysinternals’

  • Add a link to the Suite on the Utilities Index page


  • Add version and file date/time to the Utilities Index page


  • Remove ‘back to top’ links in Speaking Schedule


  • Add version to PsTools Page


  • Add MoveFile to Utilities Index


  • Add RegHide to Utilities Index


  • Multiple edits to Tips and Trivia


  • CodeSign and Upload new Process Monitor v1.01


  • Removed ‘last updated’ dates from Utilities index pages (covered by new Utilities Index file dates)


  • Updated Index page titles for better bookmarking experience


  • Add a link to the Sysinternals home from the home page logo


  • Fix invalid reference on ‘Information’ page


  • Fix invalid reference in Networking Utilities page


  • Make ‘Download….’ links more noticable


  • Stop links on the left nav bar from creating a new browser window


Comments (45)

  1. Anonymous says:

    Hello Martin and Sebutzu,

    Regarding the source code. Is there a particular piece of source code you’re most interested in? In other words, if I can deliver some but not all, which would you like to see first?

    Thanks for the site feedback as well.

  2. Anonymous says:

    Answers to many questions:

    1. Q: So are these utilities essentially the same version as were previously on the pre-Microsoft Sysinternals site?

      A: Correct. There were some other minor updates that were also mentioned in the site migration post on the blog. Updated tools will be mentioned here.

    2. I would like to see a version history of what has changed for the various utilities.

      A: Noted.

    3. Q: Will Mark and Bryce be joined by others to maintain and create utilities going forward?

      A: Hopefully. We don’t have a concrete plan in place but I invision some sort of community based effort for updating and posting new tools and utilities.

    4. Q: I was wondering if Microsoft will eventually include certain Sysinterals products with Windows?

      A: Possibly. Don’t know for sure yet.

    5. Q: Does Process Monitor mean that the development of regmnon and filmon will be ceased?

      A: Yes, most likely.

    6. The archive postings of all the sysinternals newsletters are messed up.

      A: Actually it’s the way archive blogs are displayed. The title is a link to the entire newsletter. We’re going to see if that can be fixed.

  3. Anonymous says:

    Thanks Gary. Would you repost your finding in the forum? http://forum.sysinternals.com/

  4. db says:

    ok – normally I’m not paranoid but now that the source code has been hidden by Microsoft I have to wonder what is behind this term in the EULA

    >You may not:

    >* work around any technical limitations in the

    >binary versions of the software

    Kudos to anyone who proves whether or not process monitor is written to NOT report certain processes. Before the Sony rootkit I would have scoffed at suggestions of any legit company doing this. But now … well what technical limitations could they be talking about with freely released software?

    Yes – proving a negative is hard. But I have yet  to gauge the extent to which Mark has sold out. The source code issue troubles me greatly.

  5. Martin says:

    Yes: I’d appreciate too the sourcecode to be made available again

    BR,

    Martin

  6. sebutzu says:

    Me too!

    Loved the source code.

    And still love it!

    So please, Microsoft, let Mark publish the source code.

    It’s heaven for developers, and you WANT more experienced developers for the windows platform, don’t you?

  7. sebutzu says:

    And one more thing…

    If would be quite NICE to have Network monitoring included too in this MORE THAN NICE tool!

    Once again Congratulations for this WONDERFUL JOB!

  8. Alain says:

    Is there some mirror of the old programms/source before the purchase by microsoft?

    Thanks

  9. Gary Rowe says:

    Great program! But I tried to exclude a process from logging (only file mon active) when a lot was happening… Basically, Process Mon took over 2GB of my 1GB ram, and the system slowed to a standstill as the last 4mb of ram was fought over by the other processes via the swap file 🙁 … Could you rein in its memory desires when adding exclusions/whatever to the filter?

  10. soma says:

    So a few questions:

    1.  So are these utilities essentially the same version as were previously on the pre-Microsoft Sysinternals site?  With the exception of Process Monitor, which is obviously new.

    2.  I would like to see a version history of what has changed for the various utilities.

    3.  Will Mark and Bryce be joined by others to maintain and create utilities going forward?

    I am specifically interested in BGInfo, among others.  This has issues with CPU detection and identification of operating systems.

  11. aaron says:

    Changing the subject.  I was wondering if Microsoft will eventually include certain Sysinterals products with Windows.  MS might do good to distribute at least Process Explorer and Autoruns along with Vista or a future operating system.

    Before I stumbled across Sysinternals, I had no reliable method for troubleshooting my Windows system and removing malware.  Tools like Process Explorer and Autoruns have saved me countless times.

  12. DaveK says:

    1.  For goodness sake, just release the sources under some kind of abandonware license.  Put a big disclaimer on it, declare it end of life and unsupported, throw it out there to the community, and wash your hands of it.  This completely solves your resourcing and support problems.

    2.  The ‘it could help malware authors’ argument is nonsense, not just because (as others have pointed out) all the knowledge is out there already anyway, but because the MAIN ITEM THAT WOULD BE OF USE TO MALWARE AUTHORS IS THE ONE AND ONLY PIECE OF SYSINTERNALS SOURCE THAT YOU **ARE** STILL DISTRIBUTING!  

    <sigh> I guess everone has to go and rush to download ctrl2cap before you pull it now.  You’d probably better pull the DDK/WDK/WDF as well.  That’s completely evil too.

    3.  The archive postings of all the sysinternals newsletters are messed up.  There’s nothing there but the headers.

  13. mtvedten says:

    BTW: Does Process Monitor mean that the development of regmnon and filmon will be ceased?

    (No problems with that…)

  14. Brian says:

    FYI process monitor has a bug on W2K/XP where it takes 99% cpu for several minutes.  CSwitch delta is in the millions..

    It happened when it was replacing taskman (although that may not be the reason)

  15. Brian says:

    Pardon.. i mean process explorer. (sorry didn’t notice this was about process monitor

  16. Jeff Cross says:

    When the Sysinternals acquisition was announced, the boards were full of conspiracy theories of how Microsoft just wanted to censor Sysinternals and hide everything they found embarrassing (even information which is critical for us users).  I actually defended MS, and for that I now feel like an idiot.  In removing the source code (and several of the tools), MS did exactly what the conspiracy theorists predicted.  You can put the source code back up (and I hope you do), but neither MS nor the new Sysinternals can ever regain my trust.  I hope Mark and Bryce at least made a pretty penny when they sold out.

  17. KLC says:

    OK SO HERE’S THE SCOOP!

    THEY HAVE NOW HEARD HOW WE ALL FEEL ABOUT THE SOURCE CODE.

    DO THEY CARE ? NO

    DO WE, MOSTLY DEVELOPERS AND IT FOLKS, REALLY MATTER TO THEM? NO

    WILL THEY SCREW THEIR BEST SOURCE OF PROLIFERATION? YES

    WERE ALL THESE COMMENTS POINTLESS? YES

    DID THESE COMMENTS FALL ON DEAF EARS? YES

    HAVE YOU NOW CREATED MORE ANIMOSITY BY ONE’S YOU NEED THE MOST? YES

    DID YOU LIE? ABSOLUTELY

    JUST WAIT AND SEE.

    REMEMBER "THE BOY WHO CRIED WOLF"

    ONE DAY YOU’LL REALLY NEED US!

  18. aaron says:

    I don’t see how the removal of the source code verifies a "conspiracy" to censure things.

    Microsoft has still left the articles that discuss undocumented features in Windows hasn’t it?  How is that a step toward "censuring" things?

    It’s not fun that the source code is gone.  Microsoft would do good to release the source code for simpler tools, in my opinion.  However, I don’t blame MS for holding back some code.  I don’t give out my source code for large programs.  I only release smaller programs.

    As to Microsoft buying Sysinternals for the SOLE PURPOSE of removing the source code, that would be a pretty dumb reason to purchase a whole company.  Rather, my guess would be that they liked the tools that sysinternals/winternals created.  Heck, if I was MS, I would have hired Mark long before they did!  

  19. Igor says:

    When I try to download SysintenalsSuite.zip McAfee AntiVirus complains that it contains "Joke-Bluescreen.c" virus/trojan.

  20. annoynimous says:

    > Hover menus don’t work for FireFox so a Utilities Index page needs to be created

    …so just take he ready menus at http://www.cross-browser.com and use them.

    PS: i agree that removing sources for tools like PsTools and Handle is in almost the same as removing MSDN from intenernet, just by much less scale (yet?).

  21. aaron says:

    Replying to Igor.

    That is so funny (in my opinion) that Mark’s prank program has been added to the database of joke programs in McAfee.  Obviously, people out there have been having some fun with it.

    But really, adding it to the malware database is a bit extreme.  However, I can see that it could get annoying if people abused it.

  22. Nicholas says:

    Pretty please with a cherry on top, could you please archive the NT4/9x/dos utilities? Some of us still have to work with those operating systems. Also, why won’t Microsoft just cave and provide full documentation for all exported symbols? I mean people have pretty much figured them out.

  23. gubbagooy says:

    Why does everything microsoft buys get so screwed up?  First it was Visio, now sysinternals.

    Hide the source code.

    Hide everything

    Take over the world.

    Worthless sellouts.  

  24. bc says:

    Just typical! Hiding the source code just shows you how paranoid M$ really is. I think they are just scared to show the world how good they are at screwing up perfectly good code. Keep it up, M$, it’ll be your eventual downfall!!

  25. José Moya says:

    Hi!

    After scheduling psshutdown at 2:00 a.m. and realizing my computer was still turned on when I woke up at 8:00 a.m., I discovered there was a "license agreement" dialog open for the (non-interactive) Admin user (yes, I scheduled it to run as Admin).

    How can I use a batch utility if I have to check the license agreement every time I use it? I preferred pre-Microsoft version, without these dialogs. Maybe it could work like expiration warning in old antiviruses: display a timed message followed by "Use command -X to by pass this message"

  26. miguel says:

    Hi,

    I like a lot the new look an functionality of process monitor, and having file and reg monitoring together, however, it is SO MUCH SLOWER than FileMonitor that, for a certaint task, I had to redownload FileMonitor.

  27. Guti says:

    Really love Process Explorer and Autoruns.

    Good job Mark.

  28. KyentC says:

    You answered the other questions and skipped the question on source code.

    WHY?

  29. <a href=""></a> ,hqlhrna,hqlhrna says:

    <a href=""></a> ,<a href=""></a> ,<a href=""></a>

  30. Unknown says:

    <a href=’http://films.eoe1o.info/download-film-galitsin.html‘>download film galitsin</a>

  31. Unknown says:

    <a href=’http://soma.btewu.info/next-day-soma.html‘>next day soma</a>

  32. ...1 says:

    Du musst ein Fachmann sein – wirklich guter Aufstellungsort, den du hast!

  33. ...1 says:

    pagine piuttosto informative, piacevoli =)

  34. ...1 says:

    Great site! Good luck to it’s owner!

  35. Hospedagem says:

    See who owns an Internet address.

    TKS

    Hospedagem

  36. ...1 says:

    Luogo molto buon:) Buona fortuna!

  37. ...1 says:

    Ich erklare meinen Freunden uber diese Seite. Interessieren!

  38. ...1 says:

    9 su 10! Ottenerlo! Siete buoni!

  39. ZetMaster says:

    Hi!

    We offer best prices for OEM Software. Hurry up, it’s limited!

    [URL=http://oem-software.myzips.org/info-Adobe_Acrobat_6_professional.html]Autodesk VIZ 2006[/URL]

    Check our prices and blow your mind!

    Thanks

  40. ...1 says:

    E grande io ha trovato il vostro luogo! Le info importanti ottenute! ))

  41. Hospedagem says:

    Before I stumbled across Sysinternals, I had no reliable method for troubleshooting my Windows system and removing malware.  Tools like Process Explorer and Autoruns have saved me countless times.

    http://www.weblocal.com.br

  42. Jony says:

    If would be quite NICE to have Network monitoring included too in this MORE THAN NICE tool!

    Once again Congratulations for this WONDERFUL JOB!