Microsoft releases Process Monitor tool Procmon for Linux
Quote:
[Image: procmon-linux.gif]

Microsoft revealed some time ago that it had plans to port some of the tools provided by Sysinternals to Linux. One of the tools mentioned was Process Monitor, ProcMon for short, and a preview of the application is now available for Linux.

Process Monitor is an advanced monitoring tool for Windows that displays real-time data such as Registry, process and thread activity. It is a powerful tool that supports logging the information to files for later analysis.

The program is highly configurable, supports non-destructive filters, the capturing of thread stacks, process details capturing, and boot time logging of operations.

The Linux version of Procmon is now available on GitHub. The open source tool has been released as a preview.

Since it is released as a preview, it is limited to systems running Ubuntu 18.04 with kernel 4.18 up to 5.3 at the time of writing. Several users tried to build or install the process monitor tool on Ubuntu 20.04 systems and failed.

Microsoft plans to add more configurations to the system requirements in the future to take these systems into account.

Installation instructions on Ubuntu 18.04 devices are straightforward. Run the following commands:
  1. wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
    sudo dpkg -i packages-microsoft-prod.deb
  2. sudo apt-get update
  3. sudo apt-get install procmon
Build instructions are provided as well on the project's GitHub website, and Linux users may download a .deb file from the releases section on the project's GitHub page.

You may run procmon -h after installation to display the help screen. Here are a few example commands that you may run:
  • sudo procmon // runs the process monitor tool to trace all processes and syscalls.
  • sudo procmon -p 1337 -c procmon.db // traces the process 1337 in headless mode and saves the data to the file procmon.db
  • sudo procmon -p 1337 -e read,write,openat // traces syscalls read, write, and openat of process 1337
  • sudo procmon -f procmon.db // opens the trace file procmon.db within the interface.
Closing Words

Procmon is a powerful system monitoring tool for advanced uses. The Linux version comes without the help file that the Windows version of Procmon includes. Since it is offered as a preview, it is possible that a help file will be provided once the program is offered as a stable release.
...
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
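As an added example (not part of the quoted article or the procmon project), the following POSIX shell script encodes the preview's stated limits, Ubuntu 18.04 with kernels 4.18 through 5.3, as a preflight check and only then runs the three install commands from the article. It assumes `lsb_release` and `uname -r` are available, as they are on a stock Ubuntu system; the `PROCMON_INSTALL` environment variable is an assumption of this script, used so the functions can be sourced without installing anything.

```shell
#!/bin/sh
# Added example, not part of the article or the procmon project.
# Preflight check before installing the Procmon for Linux preview.
# The article states the preview targets Ubuntu 18.04 with kernels
# 4.18 through 5.3; those bounds are hard-coded below. The install
# commands are the ones the article lists. lsb_release and uname -r
# are assumed to be present, as on a stock Ubuntu system.

WANT_RELEASE="18.04"
MIN_KERNEL="4.18"
MAX_KERNEL="5.3"

# ver_key "5.4.0-150-generic" -> 5004 : turn MAJOR.MINOR into one integer
# so kernel versions can be compared with [ -ge ] / [ -le ].
ver_key() {
    v=${1%%-*}              # strip a "-150-generic" style suffix, if any
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) echo 0; return ;; # unparseable input -> treated as out of range
    esac
    maj=${v%%.*}            # "5"
    rest=${v#*.}            # "4.0"
    min=${rest%%.*}         # "4"
    echo $((maj * 1000 + min))
}

# kernel_supported "<uname -r output>" : succeed only when the running
# kernel falls inside the preview's stated range (inclusive at both ends).
kernel_supported() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key "$MIN_KERNEL")" ] && [ "$k" -le "$(ver_key "$MAX_KERNEL")" ]
}

# release_supported "<lsb_release -rs output>" : the preview targets 18.04 only.
release_supported() {
    [ "$1" = "$WANT_RELEASE" ]
}

# preflight : check release and kernel, returning non-zero with a reason so
# a failed install on 20.04 (as reported in the article) is explained up front.
preflight() {
    release=$(lsb_release -rs 2>/dev/null || echo unknown)
    kernel=$(uname -r)
    if ! release_supported "$release"; then
        echo "Ubuntu $release is not the preview's target release ($WANT_RELEASE)" >&2
        return 1
    fi
    if ! kernel_supported "$kernel"; then
        echo "kernel $kernel is outside the preview's range $MIN_KERNEL..$MAX_KERNEL" >&2
        return 1
    fi
    echo "preflight ok: Ubuntu $release, kernel $kernel"
}

# install_procmon : the three steps from the article, run only after preflight.
install_procmon() {
    preflight || return 1
    wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" \
        -O packages-microsoft-prod.deb
    sudo dpkg -i packages-microsoft-prod.deb
    sudo apt-get update
    sudo apt-get install procmon
}

# Install only when invoked as "PROCMON_INSTALL=1 sh preflight.sh";
# otherwise the script just defines the functions so they can be sourced.
if [ "${PROCMON_INSTALL:-0}" = "1" ]; then
    install_procmon
fi
```

Keeping the version bounds in one place means the script can be updated as Microsoft adds configurations to the system requirements, and the check explains up front why a build on an unsupported release fails instead of leaving a half-configured apt repository behind.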