ProcMon for Linux (Preview)

ProcMon for Linux (Preview)

by Posted on

Route of Video display (Procmon) is a Linux reimagining of the everyday Procmon intention from the Sysinternals suite of tools for Home windows. Procmon presents a convenient and efficient manner for Linux builders to tag the syscall insist on the intention.

Procmon in use

Requirements

  • OS: Ubuntu 18.04 lts
  • cmake >= 3.14 (regain-time only)
  • libsqlite3-dev >= 3.22 (regain-time only)

Set up Procmon

Checkout our install directions for distribution particular steps to install Procmon.

Building Procmon from source

1. Set up regain dependencies

sudo correct-regain -y install bison regain-important flex git libedit-dev 
  libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev

2. Form Procmon

git clone https://github.com/Microsoft/Procmon-for-Linux
cd Procmon-for-Linux
mkdir regain
cd regain
cmake ..
hang

Building Procmon Packages

The distribution programs for Procmon for Linux are constructed utilizing cpack.

To regain a deb equipment of Procmon on Ubuntu merely shuffle:

Usage

Usage: procmon [OPTIONS]
   OPTIONS
      -h/--serve                Prints this serve cloak
      -p/--pids                Comma separated list of process ids to visual display unit
      -e/--events              Comma separated list of intention calls to visual display unit
      -c/--uncover [FILEPATH]  Probability to birth Procmon in a headless mode
      -f/--file FILEPATH       Open a Procmon tag file

Examples

The following traces all processes and syscalls on the intention

sudo procmon

The following traces processes with process id 10 and 20

sudo procmon -p 10,20

The following traces process 20 only syscalls learn, write and openat

sudo procmon -p 20 -e learn,write,openat

The following traces process 35 and opens Procmon in headless mode to output all captured events to file procmon.db

sudo procmon -p 35 -c procmon.db

The following opens a Procmon tracefile, procmon.db, for the interval of the Procmon TUI

sudo procmon -f procmon.db
  • Quiz a request on StackOverflow (notice with ProcmonForLinux)
  • Query a novel feature on GitHub
  • Vote for standard feature requests
  • File a trojan horse in GitHub Issues

If you happen to are infected about fixing points and contributing straight away to the code rotten, please watch the file The technique to Make a contribution, which covers the next:

  • The technique to regain and shuffle from source
  • The enchancment workflow, including debugging and operating tests
  • Coding Pointers
  • Submitting pull requests

Please watch also our Code of Behavior.

Copyright (c) Microsoft Corporation. All rights reserved.

Licensed under the MIT License.

Read Extra