How to monitor a program execution?

Started by HSE, April 09, 2020, 04:40:05 AM


HSE

Hi all!

I don't know if there is a more direct way to monitor a program other than Windows Task Administrator. A specific API or something like that?

Thanks. HSE
Equations in Assembly: SmplMath

hutch--

I have usually seen monitoring done by polling at a preset interval.

Siekmanski

Don't know if this is what you're after?
Processor performance counter, using the Performance Data Helper api (PDH).
Creative coders use backward thinking techniques as a strategy.

HSE

Quote from: hutch-- on April 09, 2020, 09:32:01 AM
> I have usually seen monitoring done by polling at a preset interval.

I can't make polling because I'm still learning Finite State Machines  :biggrin:

Hi Hutch and Siekmanski!
Windows Resource Monitor shows use of CPU in one tab, memory in another tab, and so on, for all processes. Perhaps it's possible to access those routines to see all data from one program, or there is an application already available.

Thanks. HSE

hutch--

 :biggrin:

> I can't make polling because I'm still learning Finite State Machines

Whatever you need to check, do it about once a second, faster or slower depending on what you need.  :tongue:

jj2007

Have you looked at GetProcessIoCounters?

LiaoMi

Hi HSE,

maybe this article will help - https://www.codeproject.com/Articles/28547/ProSysLib-Dissecting-the-Process (Access detailed information about the current process the easiest way.)

Biterider

Hi HSE
If I understand you right, MS provides a way to monitor your application using Performance Counters https://docs.microsoft.com/en-us/windows/win32/perfctrs/performance-counters-portal. Make sure you use version 2 https://docs.microsoft.com/en-us/windows/win32/perfctrs/providing-counter-data-using-version-2-0.
It is the same technology Siekmanski used to monitor the CPU.
The core idea is to define the counters in your application using the manifest and call some APIs to do the work for you. The architecture is described here https://docs.microsoft.com/en-us/windows/win32/perfctrs/about-performance-counters.

Biterider

mineiro

hello sir HSE;

PMC (Performance Monitoring Counter), rdmsr, wrmsr, but you need to create a driver.

Sysinternals had done procmon in the past, currently process explorer is available.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

In procmon it is necessary to create a filter in search, otherwise you will receive a lot of messages. It is useful when you want to analyze a malicious program in a controlled environment. Registry keys deleted or added, access to files, functions being used by the program, ....
I'd rather be this ambulant metamorphosis than to have that old opinion about everything

jj2007

Everything you need.

GetProcessIoCounters (used in GetProcessArray):
ReadOperationCount The number of read operations performed.
WriteOperationCount The number of write operations performed.
OtherOperationCount The number of I/O operations performed, other than read and write operations.
ReadTransferCount The number of bytes read.
WriteTransferCount The number of bytes written.
OtherTransferCount The number of bytes transferred during operations other than read and write operations.


GetProcessMemoryInfo (used in MemState):
typedef struct _PROCESS_MEMORY_COUNTERS_EX {
  DWORD  cb;
  DWORD  PageFaultCount;
  SIZE_T PeakWorkingSetSize;
  SIZE_T WorkingSetSize;
  SIZE_T QuotaPeakPagedPoolUsage;
  SIZE_T QuotaPagedPoolUsage;
  SIZE_T QuotaPeakNonPagedPoolUsage;
  SIZE_T QuotaNonPagedPoolUsage;
  SIZE_T PagefileUsage;
  SIZE_T PeakPagefileUsage;
  SIZE_T PrivateUsage;
} PROCESS_MEMORY_COUNTERS_EX;
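
The polling approach discussed in this thread (sample GetProcessIoCounters and GetProcessMemoryInfo about once a second and report the change between samples), as an added example that is not from any of the posts. The names sample_t, rate_per_sec, mem_growth and take_sample are hypothetical; the Windows part assumes linking with psapi.lib.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* One snapshot: tick count in ms, IO_COUNTERS.ReadTransferCount,
   IO_COUNTERS.WriteTransferCount, PROCESS_MEMORY_COUNTERS_EX.PrivateUsage. */
typedef struct { uint64_t ms, read_bytes, write_bytes, private_bytes; } sample_t;

/* Per-second rate of a cumulative counter between two snapshots. Returns 0
   for a zero interval or a counter that went backwards (hypothetical guard). */
uint64_t rate_per_sec(uint64_t prev, uint64_t cur, uint64_t ms) {
    if (ms == 0 || cur < prev) return 0;
    return (cur - prev) * 1000 / ms;
}

/* Signed change in private bytes; steady growth across polls hints at a leak. */
int64_t mem_growth(const sample_t *a, const sample_t *b) {
    return (int64_t)(b->private_bytes - a->private_bytes);
}

#ifdef _WIN32                       /* Windows-only part; link with psapi.lib */
#include <windows.h>
#include <psapi.h>
static int take_sample(HANDLE h, sample_t *s) {
    IO_COUNTERS io; PROCESS_MEMORY_COUNTERS_EX pm;
    if (!GetProcessIoCounters(h, &io)) return 0;
    if (!GetProcessMemoryInfo(h, (PROCESS_MEMORY_COUNTERS *)&pm, sizeof pm)) return 0;
    s->ms = GetTickCount64();
    s->read_bytes = io.ReadTransferCount; s->write_bytes = io.WriteTransferCount;
    s->private_bytes = pm.PrivateUsage;
    return 1;
}

int main(int argc, char **argv) {   /* usage: monitor [pid]; default is itself */
    DWORD want = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ;
    HANDLE h = argc > 1 ? OpenProcess(want, FALSE, (DWORD)strtoul(argv[1], NULL, 10))
                        : GetCurrentProcess();
    sample_t a, b;
    if (!h || !take_sample(h, &a)) return 1;
    for (;;) {
        Sleep(1000);                      /* poll about once a second */
        if (!take_sample(h, &b)) break;   /* process gone or access denied */
        printf("read %llu B/s  write %llu B/s  private %+lld B\n",
               (unsigned long long)rate_per_sec(a.read_bytes, b.read_bytes, b.ms - a.ms),
               (unsigned long long)rate_per_sec(a.write_bytes, b.write_bytes, b.ms - a.ms),
               (long long)mem_growth(&a, &b));
        a = b;
    }
    return 0;
}
#endif
```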

HSE

Thanks a lot!

At first glance it looks like you have to know total CPU performance (like Siekmanski's program) and application counters to calculate CPU usage.

Quote from: mineiro on April 09, 2020, 09:22:53 PM
> https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
>
> It is useful when you want to analyze a malicious program in a controlled environment. Registry keys deleted or added, access to files, functions being used by the program, ....

Fantastic :thumbsup: I think that will make the job. But malicious code are my own mistakes  :biggrin:

Vortex

AnVir Task Manager Free :

https://www.anvir.com/

mineiro

hello sir HSE;
I believe there is an option to make process explorer the native manager on windows.
Quote from: HSE on April 10, 2020, 12:09:06 AM
> Fantastic :thumbsup: I think that will make the job. But malicious code are my own mistakes  :biggrin:

hehehe, welcome to the team.

K_F

'Sire, Sire!... the peasants are Revolting !!!'
'Yes, they are.. aren't they....'

hutch--

 :biggrin:

Funny how we get these single posts from Madagascar.  :tongue: