PMon watches NT context swaps, process and thread creation and deletion

Mark Russinovich at has released the freeware utility PMon, which logs
and displays all process activity on an NT 4.0 system. Useful to Windows NT

The GUI dynamically loads the driver (based on code from the instdrv sample
in the Windows NT DDK), which installs hooks for process and thread creation
and deletion. The menus can be used to disable event capturing, control the
scrolling of the listview, and save the listview contents to an ASCII file.

Where possible, PMon displays the name of the process that owns a thread
involved in a thread creation, a thread deletion, or a context swap. The
thread ID immediately follows the process name. In some cases the owning
process no longer exists, in which case PMon displays “???” for the name.

The “Elapsed” column indicates the time in seconds between successive events
in the display. This will often be 0, which simply means that the events
happened within one system timer clock tick. Clock ticks are normally 10
milliseconds apart, so a lot can happen within one (for more information on
the NT system timer, see Inside NT High Resolution Timers).

The context-swap hook is only present in multiprocessor builds of NT and is
not enabled by default. To turn on context-switch monitoring when it is
present, select the “Context Swap” menu entry under the “Events” menu. Note
that monitoring context swaps generates many records rapidly. To minimize
uninteresting context-swap noise, PMon ignores swaps between system threads
0 and 1, which occur frequently as system work items are dispatched.
