
Microsoft Brings Procmon To Linux (betanews.com) 86

ProcMon for Linux is Microsoft's newest open-source Linux software. ProcMon is a rewritten and re-imagined version of its Processor Monitor found on Windows within their Sysinternals suite. From a report: Microsoft explains, "The Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system."
  • Procmon! (Score:3, Funny)

    by Anonymous Coward on Monday July 20, 2020 @05:41PM (#60312549)
    Gotta catch 'em all!
  • I can’t find a screenshot and I’m out of town. I’m wondering how many features of Procmon survived the translation.

    For windows it was nice because there was little else that exposed this information so well. For Linux there are lots of tools to slice and review pids.

    Anyone poke it with a stick yet?

    • the poo (Score:2, Funny)

      by awwshit ( 6214476 )

      > Anyone poke it with a stick yet?

      I have a lot of respect for Russinovich, he made great tools for Windows. But you have to understand that MS software has the poo on it. You don't want to get your hands in the poo do you?

      • by Cylix ( 55374 )

        Ten years ago I would have been staunchly against getting poo on my hands. These days I’ll spin up a bash shell in Windows 10 and go to town. I still have the server in the garage, but if I just need to do something minor it is convenient.

        The laptops are a split between Mac, Ubuntu and fedora. I’ve got my hands in lots of poo now.

        One more stain won’t kill me.

        • It's the cross-contamination that I'm mostly worried about. Once you get the poo on your hands it's easy to spread around and before you know it we're having a pandemic.

        • Maybe this is on its way...
          Windows 11 - Windows 10 turned up to 11 by using Linux under the hood
          • Abusing, you mean.

            As in: Not getting all the damn points of Unixy operating systems, that grew that way due to decades of experience, and trampling all over it with bad re-implementations that are the same thing but shitter and more inexperienced. But partially liked because of some modern bells and whistles icing, that do not change the badness of the base.

            Like systemd.

    • by im_thatoneguy ( 819432 ) on Monday July 20, 2020 @05:55PM (#60312613)

      Looks like it's SSH/Bash friendly.

      https://github.com/microsoft/P... [github.com]

      • Wow. Most basic damn functionality... shell scriptability ... halfway "Check".

        Is this like when Chris Rock said in that "black people vs niggahs" bit that niggahs will go tell him "I care for my kids". "What, do you want /cookie/?? You're /supposed/ to care for your kids, ya dumb fuck!"
        (I'm a foreigner. Please don't hurt me for getting the current social norms [and ways of writing and euphemisms used] regarding racism wrong.)

  • Not being Microsoft savvy but is this similar to ps?
    • Re:ps -aux (Score:4, Informative)

      by Tailhook ( 98486 ) on Monday July 20, 2020 @05:59PM (#60312633)

      No. The Russinovich/Sysinternals equivalent of ps is Process Explorer. I'm thinking dtrace might kinda/sorta be the Linux equivalent of procmon.

      • Correct, Procmon monitors processes and everything they touch. Which file did the process in question look at, did it access the registry? What is an open, read, write, or close, or access denied types of things. If you want to know what parts of your system an application is touching then procmon is the tool of choice.

        Process Explorer is just Task Manager on steroids. Each tool has their uses you should never leave home without these tools if you are a Windows professionally... been using these for ye

      • It monitors system calls, and has a bunch of filtering and visualisation features. It's like a GUI version of strace, not dtrace.

    • No, more like htop
      • by Trongy ( 64652 )

        It's not like htop. Htop doesn't monitor system calls that processes make.

        It looks a bit like strace, but probably more like bpftrace [brendangregg.com] since it's based on eBPF and BCC.

    • More like htop, probably.

  • Can we just ask why? (Score:5, Interesting)

    by nightflameauto ( 6607976 ) on Monday July 20, 2020 @05:55PM (#60312615)

    Whom among Linux developers is clamoring for this? Aren't there literally DOZENS of tools that accomplish the same thing readily available for all distributions already?

    Is this just one way Microsoft is starting to set up traditional Windows tools on Linux to get Windows developers comfortable with the idea of using Linux for if/when they start to transition Windows over to a Linux base? That might make a modicum of sense, as there's a pretty high learning curve in that transition. I wonder if they ever do make that move, will there then be a completely different mindset and toolset among Microsoft Linux developers and other Linux developers?

    • by MightyMartian ( 840721 ) on Monday July 20, 2020 @06:06PM (#60312665) Journal

      They essentially want developers to write software for Windows, regardless of whether the scripts and binaries are sitting on a Windows box or a Linux box. They basically want to extend Linux into irrelevancy. They tried smashing Linux out of existence by funding a spurious lawsuit and shitting over it at every opportunity, but that failed miserably. So now, this is just a longer game version of embrace, extend, extinguish. After all, if you're using a Windows/.NET toolkit on Linux, you'll hardly miss Linux when the next step is to strip the GNU toolkit out of it, and /bin and /usr/bin are filled with ported versions of Windows tools. Bash will be replaced by Powershell, and you can't tell whether you're logged on to a Linux terminal or a Windows terminal.

      • Re: (Score:3, Insightful)

        by AndroSyn ( 89960 )

        They essentially want developers to write software for Windows, regardless of whether the scripts and binaries are sitting on a Windows box or a Linux box.

        If their goal is to get people to write portable software that will work on both Windows AND Linux, then I'm not entirely sure I see the problem here? Isn't portable software a good thing?

        Bash will be replaced by Powershell, and you can't tell whether you're logged on to a Linux terminal or a Windows terminal.

        A shell is just a shell. It's an interface to

        • by ElizabethGreene ( 1185405 ) on Monday July 20, 2020 @07:37PM (#60312961)

          If Microsoft wants to port PowerShell to Linux and release the source under a Free Software license, please do!

          That would be PowerShell core https://github.com/powershell/... [github.com]

          I don't know if it's at feature parity yet, but it is under active development.

          • I don't know if it's at feature parity yet, but it is under active development.

            It's a sorry broken affair, some keywords don't work the way you'd expect if you're used to return/continue/break behaving like they do. This brokenness is on both Windows and Linux variants. Don't go near powershell, ever.

      • /bin and /usr/bin are filled with ported versions of Windows tools. Bash will be replaced by Powershell, and you can't tell whether you're logged on to a Linux terminal or a Windows terminal.

        Are you a fan of horror stories in general too?

      • In the past I've said most of what you're saying and I got trashed for my trouble by the Microsoft fanbois and shills.
      • I think they've adapted the other way, better to make sure that they are where developers are going to be. A lot of Linux tools already run under Powershell as it is.

        The 90's are calling, they've moved on. Hell, the CEO of Microsoft (Satya Nadella) spoke at Red Hat not that long ago. If Richard Stallman and Linus Torvalds can get over the past, so can Slashdot.
        * Richard Stallman speaks at Microsoft, states "we should not maintain a burning grudge over actions that ended years ago"
        * Linus Torvalds quoted at

        • The point is they want to be the gatekeeper. That has become very clear.

        • Has MS moved out of the OS market then? Are they no longer a competitor who would have a very wide smile if GNU/Linux suddenly died?

          • Competition is inherently a good thing. By the explicit design of the license you can't kill Linux. You can't buy it out. You can't kill it through by patent attorney - remember SCO? It's a strawman argument. It's long past time to move on.

      • After all, if you're using a Windows/.NET toolkit on Linux, you'll hardly miss Linux when the next step is to strip the GNU toolkit out of it, and /bin and /usr/bin are filled with ported versions of Windows tools. Bash will be replaced by Powershell, and you can't tell whether you're logged on to a Linux terminal or a Windows terminal.

        You can look at this from an accountant's point of view too. You'll hardly miss windows when your .net works everywhere else too and the shells look the same. You know what, been free of Windows since 2003, and I don't miss it. I don't miss the continual updates, I don't miss the broken network layer, I don't miss the malware or the unexpected extras you get from installing things.

        If you have a network of thousands of machines running IIS/.net and it works just fine on Apache/mono then why pay for the additi

    • Re: (Score:3, Insightful)

      Microsoft wants us to care about their crap in the hopes we might fix their shit. There was a time, 20 years ago, where I'd have been willing to fix their shit just because I was sick of it.

      But that was 20 years ago, now I just don't need their shit, and I don't want to fix it, or look at it, or even acknowledge that it exists anymore.

    • I think that's the problem they're trying to solve isn't it? There are dozens of disparate applications that together accomplish what procmon does? I don't know if the linux procmon does all of the things windows procmon does, but if it does it'll make my life easier.

      I don't think it's largely the developers that would be clamoring for it, it's the people trying to figure out WTF a developer did and how that interacts with the system that may be interested in it.

      One tool that integrates all the things tha
    • I don't think they're marketing toward Linux natives, like you're speculating.

    • Whom among Linux developers is clamoring for this?

      Who cares about Linux developers? Sometimes a Windows developer will use Linux and may want a familiar tool.

      The reverse applies too. There's a windows build for emacs, oh the humanity, what Windows developer would be clamoring for that when they already have a complicated OS.

    • by AmiMoJo ( 196126 )

      There are literally DOZENS of tools that edit text readily available for all distributions already, doesn't mean people are going to stop writing new text editors.

      It seems like a nice tool that pulls together a load of information and is easy to use. The great thing about open source is that there is room for everyone and the good ideas float to the top, so let's see if it's made of wood or not.

    • One of those will happen in the long run: Linuxify Windows or Windowsify Linux.

    • by rastos1 ( 601318 )

      I'm not clamoring for this, but I'm not aware of a linux tool that tells you the callstack that led to the particular system call, tool that would tell you who accessed a particular file (unless you turn on auditing on the whole filesystem), what was the thread id, which process has sent the packet, what was the message exchanged on dbus, etc.

      Maybe I'm just ignorant of the existing linux tools and need enlightening. But IMHO strace/htop/tcpdump is not a solution to every problem.

    • Microsoft's "linux" crowd is!
      They are the types who drank ALL the kool-aid, but want to bring the non-linux MS admins onto their boat. With as many MS banners and bells and whistles and eldritch abominations as possible.

      We know they don't really got the philosophical points and decades of experience behind the whole Unix and open source thing. Cargo culting them at best. Considering them a nuisance due to lack of understanding and experience, like Poettering, at worst.

    • By porting Windows tools to Win-Linux and encouraging Windows users to use them instead of more common Linux tools, MS ensures that people are used to the Windows versions and expect them to be there, so that when they get on any other Linux distro, they get frustrated and think it stinks because it lacks basic system tools, and they never want to use anything besides Microsoft's, because it has everything they need.

    • by robinsc ( 84714 )

      Microsoft ui is generally better than many opensource UIs. Also having the same UI cross platform is also a plus. I don't see any downside to it and the sysinternal tools are really high quality. If they can maintain the same quality on Linux I for one would be glad to give it a whirl.

  • top, htop, gkrellm, and that other one that i find annoying good ol conky that can't decide to be a windowed app or an embedded sticky thing
  • Free download: Microsoft Process Monitor [microsoft.com].

    I don't know the purpose of using Microsoft Process Monitor. There are a lot of lines that say "Desired Access".

    Free download: Microsoft Process Explorer [microsoft.com].

    Process Explorer is excellent. Why does Firefox use a lot of CPU percentage when it is not being viewed? Waterfox is worse.

    It's possible to save a session with the Firefox Session Manager add-on, then kill Firefox with Process Explorer, then re-start only the windows and tabs you continue to want. That
  • I can see systemd and half a dozen zombie pulseaudio processes.

  • by Your Average Joe ( 303066 ) on Monday July 20, 2020 @10:08PM (#60313297)

    Who is exactly in need of this? Nobody.

    We are in need of a version of SAMBA that is on par with Microsoft windows server.

    We are in need of all file formats public so OpenOffice or Libre office can make exact office files.

    We are in need of tools to replace excel with something more centralized.

    We are in need of running Windows services on prem with our own cloud, not Azure

    We are in need of windows 10 remote services so we do not have to run windows 10 in the MS cloud.

    The only way for microsoft to continue to make money like they did in the past is to Rob, Rape, Pillage and burn. If they mess that up and get things in the wrong order they will fade into irrelevance. I am speaking on the money and stock market.

    • Who is exactly in need of this? Nobody.

      You can say that about most things in IT. Few people "need" anything. Hell we don't "need" Linux at all. Everyone could just run Windows. The reality though is people want options, they want different things, and since it's no longer the early 90s you'll find developers that often run more than one OS and actually appreciate having the same toolset available regardless of which OS they are using.

      If they mess that up and get things in the wrong order

      Microsoft has 156000 employees. I'm sure they can work on two things at once. Maybe even three.

      • Microsoft has 156000 employees. I'm sure they can work on two things at once. Maybe even three.

        You have clearly never opened a support case with MS.

        • You have clearly never opened a support case with MS.

          You're begging the question if MS actually handles its own support cases. I have opened support cases. There is no doubt in my mind that not only were the Indians I was bounced between not working for MS, they seemed to not have a clue about MS's products either.

          Fortunately I got an RMA fairly quickly.

          • I should mention I got that RMA after being asked to factory reset my computer to resolve a fan making a grinding noise. Yes that's something support asked me to do.

    • by AmiMoJo ( 196126 )

      We are in need of all file formats public so OpenOffice or Libre office can make exact office files.

      The file format is open, that's not the problem. The problem is trying to match behaviour between two apps. Look at how much effort has gone into formalising how web browsers render HTML/CSS and even so there are differences between them.

      We are in need of tools to replace excel with something more centralized.

      No we want it to be less centralized. Ditch all the different scripting systems, standardize on Javascript and HTML/CSS for graphics.

      We are in need of running Windows services on prem with our own cloud, not Azure

      Azure is mostly Linux. You can migrate everything away to your own Linux server but what keeps people on Azure is the integration with develo

      • by Bert64 ( 520050 )

        The format is semi open, but the spec is quite poor - largely to make interoperability difficult (see all the detailed teardowns people did when they tried to force it through the iso standards track)... Add to that, their own implementations don't actually comply with the published spec anyway.

    • Who is we? Those sound like some pretty niche requirements. Why re-invent the wheel when you can already do all that in Windows?
    • MS Office file formats are already "open". OOXML.

      But instead of writing a proper standard and then building their code according to that, they just poured their entire software package's spaghetti code into a huge, gigantic "standard" (yeah, like HTML5), that nobody can fully understand, but is technically "open" ... to act like an option for standardization to international bodies (with or without moles)...
      And that is the point.

  • The latest Process Explorer for Windows (v16.34) phones home for some reason, while it didn't in previous versions. I know because I had to blacklist it in my firewall. Therefore, I wouldn't be surprised if this new ProcMon phoned home, because most Linux users wouldn't notice it unless they use an interactive per-app firewall like OpenSnitch.

  • Microsoft just rediscovered and reimplemented the "top" or "htop" command
  • It looks like strace with a curses ui, so you are limited to whatever filtering options it implements rather than being able to pipe the output into another app for processing?

  • Tracing syscalls, looking at files open by a program, etc.

    Though ideally, on a proper "everything is a file" UNIX system, listing /proc/ in the form of a table, and should already do the trick. And tail -f /proc/$mypid/syscalls should do syscall tracing. Though the latter is sadly not available, even though I could write a patch that does it pretty quickly.

  • Isn't the shorter way to say "rewritten and re-imagined" just "ported"?

    I didn't RTFA, so maybe I missed it. Could be it's all fancy and possibly schmancy, and not a simple re-implementation of the same functionality.

    Guess I try that RTFA thing, and see.
