Friday, May 03, 2013

And it does Windows too... Using Process Monitor to solve [nearly] any problem...

benjamin perkins - Using Process Monitor to solve any problem, including DebugDiag

I attended TechReady15 and took part in a session from Mark Russinovich, the creator of Process Monitor and many if not all of the System Internals tools.  He mentioned that there is no problem which Process Monitor cannot be used to help resolve. I put that to the test when I received the error message, Figure 1, from DebugDiag while trying to analyze a memory dump.

image

Figure 1, DebugDiag error, ShellExecute failed to display the report.  The returned code was 2.

I started up Process Monitor and reproduced the issue.  In the amount of time it took to reproduce the error, Process Monitor had logged 100,000s of events.  No problem, this is where the filtering comes in handy.  Figure 2 illustrates the filter I used to reduce the events to just those used by the DebugDiag process.  You can get to the filter window by clicking on the filter icon, circled in red in Figure 2, selecting Filter -> Filter… or by pressing CTRL + L.

...

Not bad, I have been able to reduce the number of events from half a million to 17.  By default, User Name is not added to the column list.  Right-click on the column and I can see which credentials are being used and are receiving the ACCESS DENIED error.  I was using my own credentials which did not have the required rights to create the required files.

Solution

I opened DebugDiag as an administrator as shown in Figure 5 and the issue did not happen anymore.

Figure 4, DebugDiag, Run as administrator

I recommend adding Process Monitor to your skill set as you can troubleshoot and resolve a lot of problems with it…even on your own machine…

image

Nice kind of recursive example of using Processing Monitor to debug a debug tool...

 

Related Past Post XRef:
The “Windows Sysinternals Primer: Process Explorer, Process Monitor, and More” from TechEd 2010 North America
Sysinternals 101 – “Notes from the field,” a quick intro to a few Sysinternals utilities (Process Explorer, TCPView, Process Monitor, VMMap)
Hands On Learning How to Use the Sysinternals Process Monitor Utility

Use the Sysinternals Utilities? The EULA bug dialog you? Then try this…

Sysinternals Update Day – Including new major release of Process Monitor (think PM + Network Monitoring = v2)
It’s a new Sysinternals Tool Day! RAMMap v1.0 released
New Sysinternals utility released today, Disk2vhd v1.0 – Yes, creating a VHD from a physical hard drive, even an online one, is now a couple clicks away…

The latest Sysinternals utilities are just a URL away, Live.Sysinternals.com
A handy PowerShell script to keep your Sysinternals Suite up to date

It's a sweet suite! Windows Sysinternals Suite gets a summer refresh [August 3, 2012]...
Sysinternals Suite 2010 Refreshed - All the latest versions, one 12.4MB zip…
Sysinternals Suite Refreshed – All the latest Sysinternals Utilities, one tiny zip (well 10MB zip…)
Sysinternals Suite (8MB of Complete Sysinternals Goodness)

No comments: