</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2" valign="top">
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr valign="top">
<td colspan="3" height="429"><!-- #BeginEditable "Body" -->
<TABLE CELLSPACING="10" CELLPADDING="0" WIDTH="408">
<TR valign="top" align="left">
<TD COLSPAN="2" width="651">
<table width="580" border="0" cellspacing="0" cellpadding="0">
<tr>
<td valign="top">
<table width="549" border="0" cellspacing="0" cellpadding="0" dwcopytype="CopyTableRow">
<tr>
<td colspan="3" valign="top"><span class='include'>Last
updated July 9, 1997</span>
<hr>
</td>
</tr>
<tr>
<td colspan="3" height="40" valign="middle"><span class='sectionheader'>Introduction</span></td>
</tr>
<tr>
<td valign="TOP" colspan="3" align="left"><i>PMon</i>
is a Windows NT device driver/GUI combination that
logs and displays all process activity on a Windows
NT 4.0 system. The device driver uses several undocumented
hooking functions that cause it to be called whenever
a process or thread is created or deleted. In addition,
when PMon runs on the Checked build of NT or the Multiprocessing
kernel, it installs an undocumented context-swap hook
that lets it optionally display all context switch
activity.</td>
</tr>
<tr>
<td colspan="3" height="40" valign="middle"><span class='sectionheader'>Installation
and Use</span></td>
</tr>
<tr>
<td valign="TOP" colspan="3"> <i>PMon </i>works on
all builds of NT 4.0. Installing <i>PMon </i>is
as easy as unzipping it and typing, "ntpmon."
The GUI dynamically loads the driver (based on code
from the instdrv sample in the Windows NT DDK),
which installs hooks for process and thread creation
and deletion. The menus can be used to disable event
capturing, control the scrolling of the listview,
and to save the listview contents to an ASCII file.
<p>Where possible, <i>PMon </i>displays the name
of the process that owns a thread that is part
of a thread creation or deletion, or a context
swap. The thread ID immediately follows the process
name. In some cases the owning process does not
exist anymore, in which case <i>PMon </i>displays
"???" for the name. The "Elapsed"
column indicates the time in seconds between successive
events in the display. Note that many times this
will be 0, which simply means that the events
happened inside of one system timer clock tick.
Clock ticks are normally 10 milliseconds apart,
so a lot can happen (for more information on the
NT system timer, see <a
href="../../ntw2k/info/timer.shtml">Inside NT High Resolution Timers</a>).
</p>
<p>The context-swap hook is only present in multiprocessor
builds of NT, and is by default not enabled. To
turn on context-switch monitoring when it is present,
select the "Context Swap" menu entry
under the "Events" menu. Note that monitoring
context swaps generates many records rapidly.
To minimize the amount of uninteresting
context-swap noise, PMon ignores swaps between
system threads 0 and 1, which occur frequently
as system work items are dispatched. </p>
<p>If you have MSDN membership, you have the checked
build. You can install a minimal checked build
environment by replacing NTOSKRNL.EXE with the
NTOSKRNL.EXE on the checked build CD, and by replacing
HAL.DLL with the appropriate version on the checked
build. To determine the correct HAL to copy over
to your system, search for HAL.DLL in your system's [winnt]\repair\setup.log
file. Copy the file with the same name on the checked build
CD to HAL.DLL in your [winnt]\system32 directory.
Be sure to back up your existing copies of these
files so that you can go back to the free build.<br>
<br>
<img src="../../images/screenshots/ntpshot.gif" width="549" height="473">
</td>
</tr>
<tr>
<td colspan="3" height="40" valign="middle" align="center">
<p><a href="../../files/ntpmon.zip"><b><br>
Download PMon (23KB)</b></a></p>
<a href="#top"><b>Back to Top</b></a> </td>
</tr>
</table>
</td>
</tr>
</table>
</TD>
</TR>
</TABLE>
<!-- #EndEditable --></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
<!-- #EndTemplate --></html>