Windows NT/2K system in the same Network Neighborhood.</li>
<li><b>Most-recent-filter lists:</b> <i>Portmon</i>
has been extended with powerful filtering capabilities
and it remembers your most recent filter selections,
with an interface that makes it easy to reselect
them.</li>
<li><b>Clipboard copy:</b> Select multiple lines
in the output window and copy their contents
to the clipboard. </li>
<li><b>Highlighting:</b> Highlight debug output
that matches your highlighting filter, and even
customize the highlighting colors.</li>
<li><b>Log-to-file:</b> Write debug output to
a file as it is being captured.</li>
<li><b>Printing:</b> Print all or part of captured
debug output to a printer. </li>
<li><b>One-file payload: </b><i>Portmon</i> is
now implemented as one file.</li>
</ul>
<p>The on-line help-file describes all these features,
and more, in detail.<br>
<br>
<img src="../../images/screenshots/portshot.gif" width="549" height="343">
</td>
</tr>
<tr>
<td height="40" colspan="3" valign="middle"><span class='sectionheader'>Installation
and Use </span></td>
</tr>
<tr>
<td colspan="3" valign="TOP">
<p>Simply execute the <i>Portmon</i> program file
(portmon.exe) and <i>Portmon</i> will immediately
start capturing debug output. To run <i>Portmon</i>
on Windows 95 you must get the <a
href="http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/default.asp?site=95">WinSock2
update</a> from Microsoft. Note that if you run
<i>Portmon</i> on Windows NT/2K, portmon.exe must
be located on a non-network drive and you must
have administrative privilege. Menus, hot-keys,
or toolbar buttons can be used to clear the window,
save the monitored data to a file, search output,
change the window font, and more. The on-line
help describes all of <i>Portmon</i>'s features.
</p>
<p><i>Portmon</i> understands all serial and parallel
port I/O control (IOCTL) commands and will display
them along with interesting information regarding
their associated parameters. For read and write
requests <i>Portmon</i> displays the first several dozen
bytes of the buffer, using '.' to represent non-printable
characters. The Show Hex menu option lets you
toggle between ASCII and raw hex output of buffer
data.</p>
</td>
</tr>
<tr>
<td height="40" colspan="3" valign="middle"><span class='sectionheader'>How
it Works: WinNT</span></td>
</tr>
<tr>
<td colspan="3" valign="TOP">
<p>The <i>Portmon</i> GUI is responsible for identifying
serial and parallel ports. It does so by enumerating
the serial ports that are configured under HKEY_LOCAL_MACHINE\Hardware\DeviceMap\SerialComm
and the parallel ports defined under HKEY_LOCAL_MACHINE\Hardware\DeviceMap\Parallel
Ports. These keys contain the mappings between
serial and parallel port device names and the
Win32-accessible names. </p>
<p>When you select a port to monitor, <i>Portmon</i>
sends a request to its device driver that includes
the NT name (e.g. \device\serial0) that you are
interested in. The driver uses standard filtering
APIs to attach its own filter device object to
the target device object. First, it uses <b>ZwCreateFile</b>
to open the target device. Then it translates
the handle it receives back from <b>ZwCreateFile</b>
to a device object pointer. After creating its
own filter device object that matches the characteristics
of the target, the driver calls <b>IoAttachDeviceByPointer</b>
to establish the filter. From that point on the
<i>Portmon</i> driver will see all requests aimed
at the target device. A complete source code example
of filtering is demonstrated by our <a href="../../ntw2k/source/filemon.shtml">Filemon
</a>file system monitor.</p>
<p><i>Portmon</i> has built-in knowledge of all
standard serial and parallel port IOCTLs, which
are the primary way that applications and drivers
configure and read status information from ports.
The IOCTLs are defined in the DDK files \ddk\src\comm\inc\ntddser.h
and \ddk\src\comm\inc\ntddpar.h, and some are
documented in the DDK.</p>
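<p>The IOCTL decoding described here and the ASCII/hex buffer display described under Installation and Use can be modelled in portable C. This is an added example, not Sysinternals code: the function names, the log line format, and the 32-byte display cap are assumptions, and only a small subset of the serial IOCTLs is listed.</p>

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
/* CTL_CODE layout: DeviceType<<16 | Access<<14 | Function<<2 | Method. */
#define FILE_DEVICE_SERIAL_PORT 0x1bu
#define SERIAL_CTL(fn) ((FILE_DEVICE_SERIAL_PORT << 16) | ((uint32_t)(fn) << 2))
#define SHOW_MAX 32 /* assumed cap; the page only says "several dozen" bytes */

/* Subset of serial IOCTL function numbers (METHOD_BUFFERED, FILE_ANY_ACCESS). */
static const struct { uint32_t fn; const char *name; } serial_ioctls[] = {
    { 1, "IOCTL_SERIAL_SET_BAUD_RATE" }, { 3, "IOCTL_SERIAL_SET_LINE_CONTROL" },
    { 19, "IOCTL_SERIAL_PURGE" },        { 20, "IOCTL_SERIAL_GET_BAUD_RATE" },
};

/* Symbolic name for a serial IOCTL code, or NULL if it is not in the table. */
const char *serial_ioctl_name(uint32_t code) {
    if ((code >> 16) != FILE_DEVICE_SERIAL_PORT || (code & 0xC003u)) return NULL;
    for (size_t i = 0; i < sizeof serial_ioctls / sizeof serial_ioctls[0]; i++)
        if (serial_ioctls[i].fn == ((code >> 2) & 0xFFFu)) return serial_ioctls[i].name;
    return NULL;
}

/* One log line per IOCTL; SET_BAUD_RATE input is a little-endian ULONG rate. */
int describe_ioctl(uint32_t code, const uint8_t *in, size_t inlen, char *out, size_t outsz) {
    const char *name = serial_ioctl_name(code);
    if (!name) return snprintf(out, outsz, "IOCTL 0x%08X (unknown)", (unsigned)code);
    if (code != SERIAL_CTL(1) || inlen < 4) return snprintf(out, outsz, "%s", name);
    uint32_t baud = in[0] | (in[1] << 8) | (in[2] << 16) | ((uint32_t)in[3] << 24);
    return snprintf(out, outsz, "%s Rate: %u", name, (unsigned)baud);
}

/* Read/write payload: ASCII with '.' for non-printables, or raw hex pairs. */
size_t render_buffer(const uint8_t *buf, size_t len, int hex, char *out, size_t outsz) {
    size_t n = 0;
    if (outsz == 0) return 0;
    if (len > SHOW_MAX) len = SHOW_MAX;
    for (size_t i = 0; i < len && n + (hex ? 3 : 1) < outsz; i++)
        if (hex) n += (size_t)snprintf(out + n, outsz - n, "%02X ", buf[i]);
        else out[n++] = isprint(buf[i]) ? (char)buf[i] : '.';
    out[n] = '\0';
    return n;
}

int main(void) {
    const uint8_t baud[] = { 0x80, 0x25, 0x00, 0x00 }; /* constructed input: 9600 */
    char line[128];
    describe_ioctl(SERIAL_CTL(1), baud, sizeof baud, line, sizeof line);
    puts(line);
    return 0;
}
```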
</td>
</tr>
<tr>
<td height="40" colspan="3" valign="middle"><span class='sectionheader'>How
it Works: Win9x</span></td>
</tr>
<tr>
<td colspan="3" valign="TOP">
<p>On Windows 95 and 98, the <em>Portmon</em> GUI
relies on a dynamically loaded VxD to capture
serial and parallel activity. The Windows VCOMM
(Virtual Communications) device driver serves
as the interface to parallel and serial devices,
so applications that access ports indirectly use
its services. The <em>Portmon</em> VxD uses standard
VxD service hooking to intercept all accesses
to VCOMM's functions. Like the NT device driver,
<em>Portmon</em>'s VxD interprets requests to
display them in a friendly format.</p>
</td>
</tr>
<tr>
<td height="40" colspan="3" valign="middle"><span class='sectionheader'>Related Utilities</span></td>
</tr>
<tr>
<td colspan="3" valign="TOP">
<p>Here are some other monitoring tools available
at Sysinternals:
<ul>
<li><a href="../../ntw2k/source/regmon.shtml">Regmon</a>
- a Registry monitor</li>
<li><a href="../../ntw2k/source/filemon.shtml">Filemon</a>
- a file system monitor</li>
<li><a href="../../ntw2k/freeware/tdimon.shtml">Tdimon</a>
- a TCP/IP monitor</li>
<li><a href="../../ntw2k/freeware/pmon.shtml">PMon</a>
- a process and thread monitor (NT/Win2K)</li>
<li><a href="../../ntw2k/freeware/diskmon.shtml">Diskmon</a>
- a hard disk monitor (NT/Win2K)</li>
<li><a href="../../ntw2k/freeware/debugview.shtml">DebugView/EE</a>
- a debug output monitor</li>
</ul>
</td>
</tr>
<tr>
<td colspan="3" height="40" valign="middle" align="center">
<p><br><br><br>
<b>In order to help us track its use, please download
through the link that represents the operating
system on <br>
which you will use, or mostly use, Portmon. <br>
Note that the zip files are identical, and Portmon
runs on either platform.</b></p>
<p><a href="../../files/portm98.zip"><b>Download Portmon
(x86 - 52KB) - you plan on using Portmon on Win9x</b></a></p>
<p><a href="../../files/portmon.zip"><b>Download Portmon
(x86 - 52KB) - you plan on using Portmon on WinNT</b></a></p>
<p><a href="../../files/portaxp.zip"><b>Download Portmon
(Alpha - 84KB)</b></a></p>
<a href="#top"><b>Back to Top</b></a> </td>
</tr>
</table>
</td>
</tr>
</table>
</TD>
</TR>
</TABLE>
<!-- #EndEditable --></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
<!-- #EndTemplate --></html>