A few years ago I got together with Mark Russinovich and we implemented a technique to enable developers to push tracing statements to Process Monitor so you can more easily see where you are causing I/O operations. You can read about the initial release of the code here. I'm moving the code to GitHub as that's where all open source code should be. :)
The ProcMonDebugOutput library supports both native C++ and managed .NET languages as well as 32-bit and 64-bit.
All the projects are in Visual Studio 2013 format. I'm not using any advanced Premium or Ultimate features so everything should compile even with Visual Studio Express, but I have not tried.
- Open up ProcMonDebugOutput.SLN
- Select the Build, Batch Build menu
- In the Batch Build dialog, click the Select All button
- Click the Build button
The 32-bit binaries build to .\Source\ReleaseWin32 and .\Source\DebugWin32. The 64-bit binaries build to .\Source\Releasex64 and .\Source\Debugx64.
The only files you need after the build are: ProcMonDebugOutputWin32.dll, ProcMonDebugOutputx64.dll, and Sysinternals.Debug.dll.
For native code, you’ll need to include the header file ProcMonDebugOutput.h and link against ProcMonDebugOutputx86.lib or ProcMonDebugOutputx64.lib as appropriate. The API you’ll call is the appropriately named ProcMonDebugOutput, which takes a single parameter, a UNICODE string. You’ll also need to ship ProcMonDebugOutputx86.DLL or ProcMonDebugOutputx64.DLL as part of your distribution. See the .\Source\NativeTest application for an example.
For managed code, the API is wrapped up in a TraceListener derived class, ProcessMonitorTraceListener, in Sysinternals.Debug.DLL. That means you can add ProcessMonitorTraceListener through configuration files like any TraceListener you’ve ever used. With your application you’ll need to include Sysinternals.Debug.DLL as well as both ProcMonDebugOutputx86.DLL and ProcMonDebugOutputx64.DLL. The ProcessMonitorTraceListener works with both 32-bit and 64-bit code and calls the appropriate native DLL as necessary. See the .\Source\ManagedTest application for a complete example.
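As an added illustration (not code from the ProcMonDebugOutput repository), the following C# program registers the listener in code and brackets each file operation with begin/end trace markers, so the I/O events Process Monitor captures between the markers can be attributed to a specific step. The `Sysinternals.Debug` namespace, the parameterless constructor, the `Traced` helper and the temp file name are assumptions made for this example.

```csharp
#define TRACE   // Trace.* calls are compiled out unless TRACE is defined
// Added example, not part of the ProcMonDebugOutput project.
using System;
using System.Diagnostics;
using System.IO;
using Sysinternals.Debug;   // assumed namespace of ProcessMonitorTraceListener

static class TracedIo
{
    // Hypothetical helper: wraps one operation in BEGIN/END markers so the
    // file-system events recorded between them can be tied to this step.
    // Trace text is visible in any Process Monitor capture: keep secrets out.
    static T Traced<T>(string label, Func<T> operation)
    {
        Trace.WriteLine("BEGIN " + label);
        Stopwatch timer = Stopwatch.StartNew();
        try
        {
            return operation();
        }
        catch (Exception ex)
        {
            // Record the failure type, then let the caller handle it.
            Trace.WriteLine("FAIL  " + label + ": " + ex.GetType().Name);
            throw;
        }
        finally
        {
            Trace.WriteLine("END   " + label + " (" + timer.ElapsedMilliseconds + " ms)");
        }
    }

    static void Main()
    {
        // Assumption: the listener exposes a parameterless constructor.
        Trace.Listeners.Add(new ProcessMonitorTraceListener());

        // Constructed sample path used only for this demonstration.
        string path = Path.Combine(Path.GetTempPath(), "procmon-trace-demo.txt");

        Traced("write demo file", () => { File.WriteAllText(path, "hello"); return 0; });
        string text = Traced("read demo file", () => File.ReadAllText(path));
        Trace.WriteLine("read " + text.Length + " characters");
        Traced("delete demo file", () => { File.Delete(path); return 0; });

        Trace.Flush();
    }
}
```

Reference Sysinternals.Debug.DLL from the project and place both native DLLs next to the executable, as described above.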
The tracing statements are reported as Profiling Events, so to see them, ensure the "Show Profiling Events" button is selected (the last one on the toolbar). These events are of Operation type "Debug Output Profiling".
The following screen shot shows the tracing of the two sample programs with the filter set to only show tracing events.
That's not going to happen. When Mark and I discussed adding tracing to Process Monitor, we talked about combining both Process Monitor and Debug View. It was far easier to add the custom interface presented here than to do the major engineering effort to combine the tools. Remember, shipping is a feature!