TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Microsoft ports its Process Monitor tool ProcMon to Linux

The software giant Microsoft has successfully managed to port its Process Monitor tool, also known as ProcMon, to Linux. Well, ProcMon is nothing but a free tool from Windows Sysinternals that handles real-time tracking of all file system activity on Windows and Unix-like operating systems.

Process Monitor for Linux

This development is hardly surprising since the company had previously promised to bring some of the Sysinternals tools to Linux, and ProcMon was one of them. As a result, ProcMon 1.0 preview is now available for Linux.

“Process Monitor (Procmon) is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system,” Microsoft explains.

The Process Monitor or ProcMon tool is available on the Sysinternals pages of Microsoft and you can download it free of charge. The tool allows users to see the internal workings of an application or the operating system itself.

You can have an application process running that involves making calls to the registry. Then, it also makes calls to the operating systems to create and destroy processes and threats. All of those events become visible in a Process Monitor trace.

What users don’t see, however, is an application’s window events or whenever the application receives keystrokes and mouse movements, etc. None of those events are visible in a Process Monitor trace now.

This tool is particularly helpful for developers to track the behavior of certain apps and how they interact with operating system resources.

Getting started with ProcMon for Linux

Getting started with Process Monitor for Linux for Ubuntu 18.04 devices requires the following set of commands:

  • wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb sudo dpkg -i packages-microsoft-prod.deb
  • sudo apt-get update
  • sudo apt-get install procmon

Upon starting ProcMon, it immediately starts recording events. Users also see some percentage of events pre-recorded. The reason being, ProcMon has some default filters, which behaves like a display filter in one of the packet sniffing tools called Wireshark.

Published on Tags:

AnandKhanse@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP (2016-2022). He enjoys following and reporting Microsoft news and developments in the world of Personal Computing.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap