Situation
Process Monitor (Procmon) is a Linux reimagining of the classic Procmon tool from the Sysinternals suite for Windows. Procmon gives Linux developers a convenient and efficient way to trace syscall activity on the system.
Solution
Install Procmon
Ubuntu 18.04 & 20.04
1. Register the Microsoft key and feed
wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
2. Install Procmon
sudo apt-get update
sudo apt-get install procmon
Build Procmon from source
1. Install build dependencies
sudo apt-get -y install bison build-essential flex git libedit-dev \
    libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev
2. Build Procmon
git clone https://github.com/Microsoft/Procmon-for-Linux
cd Procmon-for-Linux
mkdir build
cd build
cmake ..
make
3. Build Procmon packages
The distribution packages for Procmon for Linux are built with cpack. To build a deb package of Procmon on Ubuntu, run:
cd build
cpack ..
4. Usage
Usage: procmon [OPTIONS]
OPTIONS
  -h/--help                Prints this help screen
  -p/--pids                Comma separated list of process ids to monitor
  -e/--events              Comma separated list of system calls to monitor
  -c/--collect [FILEPATH]  Option to start Procmon in a headless mode
  -f/--file FILEPATH       Open a Procmon trace file
5. Examples
The following traces all processes and syscalls on the system
sudo procmon
The following traces processes with process id 10 and 20
sudo procmon -p 10,20
The following traces only the read, write and openat syscalls of process 20
sudo procmon -p 20 -e read,write,openat
The following traces process 35 and opens Procmon in headless mode to output all captured events to file procmon.db
sudo procmon -p 35 -c procmon.db
The following opens a Procmon trace file, procmon.db, in the Procmon TUI
sudo procmon -f procmon.db
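As an added example (not from this page or the Procmon-for-Linux project), the following POSIX shell wrapper around the headless mode shown above validates the PID and syscall lists before assembling the command line, runs a time-bounded capture, and checks that the resulting trace file starts with the SQLite header. It assumes procmon is installed on PATH, that the trace file written by -c is a SQLite database, and that SIGINT makes headless procmon flush and exit; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of Procmon-for-Linux: a validated, time-bounded
# headless capture. Assumes `procmon` is on PATH and that the -c trace file
# is a SQLite database.

# A PID list is digits separated by commas, with no empty items.
valid_pid_list() {
    printf '%s' "$1" | grep -Eq '^[0-9]+(,[0-9]+)*$'
}

# A syscall list is identifiers separated by commas (e.g. read,write,openat).
valid_event_list() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_]*(,[a-z_][a-z0-9_]*)*$'
}

# Build the command line used by the examples above. Because the result is
# later word-split, every argument is validated first; an output path that is
# empty or contains whitespace is rejected rather than split.
procmon_cmdline() {   # $1 pids, $2 events, $3 output file
    valid_pid_list "$1" || return 1
    valid_event_list "$2" || return 1
    case $3 in ''|*[[:space:]]*) return 1 ;; esac
    printf 'procmon -p %s -e %s -c %s' "$1" "$2" "$3"
}

# A finished trace file should begin with the 15-byte SQLite magic string.
is_sqlite_file() {
    [ "$(head -c 15 "$1" 2>/dev/null)" = "SQLite format 3" ]
}

# Capture syscalls for $4 seconds, then verify the trace file was written.
# procmon needs root to attach its eBPF probes; SIGINT mirrors Ctrl-C, which
# is assumed here to make procmon flush the database and exit cleanly.
capture_syscalls() {  # $1 pids, $2 events, $3 output file, $4 seconds
    cmd=$(procmon_cmdline "$1" "$2" "$3") || { echo "bad arguments" >&2; return 2; }
    sudo timeout -s INT "$4" $cmd
    is_sqlite_file "$3"
}

# Example invocation (requires root and an installed procmon):
# capture_syscalls 35 openat,execve,connect procmon.db 30
```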