Hi all!
I don't know if there is a more direct way to monitor a program other than Windows Task Administrator. A specific API or something like that?
Thanks. HSE
I have usually seen monitoring done by polling at a preset interval.
Don't know if this is what you're after?
Processor performance counter, using the Performance Data Helper api (PDH).
Quote from: hutch-- on April 09, 2020, 09:32:01 AM
> I have usually seen monitoring done by polling at a preset interval.
I can't make polling because I'm still learning Finite State Machines :biggrin:
Hi Hutch and Siekmanski!
Windows Resource Monitor shows use of CPU in one tab, memory in another tab, and so on, of all processes. Perhaps it's possible to access those routines to see all data from one program, or there is an application already available.
Thanks. HSE
:biggrin:
> I can't make polling because I'm still learning Finite State Machines
Whatever you need to check, do it about once a second, faster or slower depending on what you need. :tongue:
Have you looked at GetProcessIoCounters?
Hi HSE,
maybe this article will help - https://www.codeproject.com/Articles/28547/ProSysLib-Dissecting-the-Process (Access detailed information about the current process the easiest way.)
Hi HSE
If I understand you right, MS provides a way to monitor your application using Performance Counters https://docs.microsoft.com/en-us/windows/win32/perfctrs/performance-counters-portal. Make sure you use version 2 https://docs.microsoft.com/en-us/windows/win32/perfctrs/providing-counter-data-using-version-2-0.
It is the same technology Siekmanski used to monitor the CPU.
The core idea is to define the counters in your application using the manifest and call some APIs to do the work for you. The architecture is described here https://docs.microsoft.com/en-us/windows/win32/perfctrs/about-performance-counters.
Biterider
hello sir HSE;
PMC (Performance Monitoring Counter), rdmsr, wrmsr, but you need to create a driver.
Sysinternals did procmon in the past; currently Process Explorer is available.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
In procmon it is necessary to create a filter in search, otherwise you will receive a lot of messages. It is useful when you want to analyze a malicious program in a controlled environment. Registry keys deleted or added, access to files, functions being used by the program, ....
Everything you need.
GetProcessIoCounters (used in GetProcessArray (http://www.jj2007.eu/MasmBasicQuickReference.htm#Mb1450)):
ReadOperationCount The number of read operations performed.
WriteOperationCount The number of write operations performed.
OtherOperationCount The number of I/O operations performed, other than read and write operations.
ReadTransferCount The number of bytes read.
WriteTransferCount The number of bytes written.
OtherTransferCount The number of bytes transferred during operations other than read and write operations.
GetProcessMemoryInfo (used in MemState (http://www.jj2007.eu/MasmBasicQuickReference.htm#Mb1393)):
typedef struct _PROCESS_MEMORY_COUNTERS_EX {
    DWORD  cb;
    DWORD  PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
    SIZE_T PrivateUsage;
} PROCESS_MEMORY_COUNTERS_EX;
Thanks a lot!
At first glance it looks like you have to know total CPU performance (like Siekmanski's program) and application counters to calculate CPU usage.
Quote from: mineiro on April 09, 2020, 09:22:53 PM
> https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
> It is useful when you want to analyze a malicious program in a controlled environment. Registry keys deleted or added, access to files, functions being used by the program, ....
Fantastic :thumbsup: I think that will make the job. But malicious code are my own mistakes :biggrin:
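Added example, not code from any poster in this thread: a once-a-second poll of one process that turns the cumulative counters listed above (CPU time, I/O operation and byte counts, working set) into per-interval figures, with CPU usage computed as process CPU time over wall time across all logical processors. It reads the counters from the WMI class Win32_Process rather than calling GetProcessIoCounters directly; the function name Watch-ProcessCounters and its parameters are assumptions made for the example.

```powershell
# Added example; Watch-ProcessCounters and its parameters are hypothetical names.
function Watch-ProcessCounters {
    param(
        [Parameter(Mandatory)] [int] $ProcessId,
        [int] $IntervalSeconds = 1,
        [int] $Samples = 10
    )
    $cores = [Environment]::ProcessorCount
    $prev  = $null
    for ($i = 0; $i -le $Samples; $i++) {
        $cur = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $ProcessId"
        $now = Get-Date
        if (-not $cur) { Write-Warning "Process $ProcessId is gone."; return }
        # A different creation time means the PID now belongs to another process,
        # so deltas against the previous sample would be meaningless.
        if ($prev -and $cur.CreationDate -ne $prev.Proc.CreationDate) {
            Write-Warning "PID $ProcessId was reused by another process."; return
        }
        if ($prev) {
            $old  = $prev.Proc
            # KernelModeTime and UserModeTime are cumulative, in 100 ns units,
            # the same unit as TimeSpan.Ticks.
            $cpu  = ($cur.KernelModeTime + $cur.UserModeTime) -
                    ($old.KernelModeTime + $old.UserModeTime)
            $wall = ($now - $prev.Time).Ticks
            [pscustomobject]@{
                Time         = $now.ToString('HH:mm:ss')
                CpuPercent   = [math]::Round(100 * [double]$cpu / ($wall * $cores), 1)
                WorkingSetMB = [math]::Round($cur.WorkingSetSize / 1MB, 1)
                PageFaults   = $cur.PageFaults - $old.PageFaults
                ReadOps      = $cur.ReadOperationCount  - $old.ReadOperationCount
                WriteOps     = $cur.WriteOperationCount - $old.WriteOperationCount
                ReadBytes    = $cur.ReadTransferCount   - $old.ReadTransferCount
                WriteBytes   = $cur.WriteTransferCount  - $old.WriteTransferCount
            }
        }
        $prev = @{ Proc = $cur; Time = $now }
        if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
    }
}

# Sample run against the current PowerShell process.
Watch-ProcessCounters -ProcessId $PID -Samples 5 | Format-Table
```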
AnVir Task Manager Free :
https://www.anvir.com/
hello sir HSE;
I believe there is an option to make Process Explorer the native manager on Windows.
Quote from: HSE on April 10, 2020, 12:09:06 AM
> Fantastic :thumbsup: I think that will make the job. But malicious code are my own mistakes :biggrin:
hehehe, welcome to team.
Naughty bottie...
:biggrin:
Funny how we get these single posts from Madagascar. :tongue: