Most active commenters

    ←back to thread

    A Linux version of the Procmon Sysinternals tool

    (github.com)
    166 points LelouBil | 13 comments | 31 Aug 25 22:43 UTC | HN request time: 1.414s | source | bottom
    Show context
    perching_aix ◴[01 Sep 25 00:56 UTC] No.45088446[source]
    If this works remotely as well as the Windows version, I'm stoked. Polling for information (like with lsof) really rubs me the wrong way.
    replies(2): >>45088480 #>>45088733 #
    1. calvinmorrison ◴[01 Sep 25 01:02 UTC] No.45088480[source]
    really? i have to use procman and associated utilities often and they really pale in comparison with linux and even moreso other unix utils (like dtrace)
    replies(5): >>45088759 #>>45089005 #>>45089451 #>>45091282 #>>45091614 #
    2. perching_aix ◴[01 Sep 25 02:00 UTC] No.45088759[source]
    Care to expand on that? I'm similarly just forced to use Linux and its tooling ecosystem, so decent chances I'm simply missing what's cool/cooler.
    replies(1): >>45093773 #
    3. sirjaz ◴[01 Sep 25 02:54 UTC] No.45089005[source]
    Windows Server 2025 supports dtrace out of the box: https://learn.microsoft.com/en-us/windows-server/administrat...
    replies(1): >>45090165 #
    4. lll-o-lll ◴[01 Sep 25 04:27 UTC] No.45089451[source]
    dtrace is more comparable to ETW in windows land. Procmon is more for quick and dirty analysis. Maybe there are other *nix tools that are more appropriate, but I look forward to trying this one out.
    5. cyberpunk ◴[01 Sep 25 06:52 UTC] No.45090165[source]
    This really is the weirdest timeline…
    replies(1): >>45092725 #
    6. ◴[01 Sep 25 10:05 UTC] No.45091282[source]
    7. TiredOfLife ◴[01 Sep 25 10:56 UTC] No.45091614[source]
    really? One of the things I miss when using linux is resmon. I have not found anything that has even remotely the same functionality. For example seeing which process is using which files.
    replies(2): >>45092443 #>>45092487 #
    8. olddustytrail ◴[01 Sep 25 13:10 UTC] No.45092443[source]
    You can do that with sysdig.
    9. bdhcuidbebe ◴[01 Sep 25 13:17 UTC] No.45092487[source]
    There’s multiple tools.

    For your stated issue, see lsfd

    https://www.man7.org/linux/man-pages/man1/lsfd.1.html

    10. actionfromafar ◴[01 Sep 25 13:59 UTC] No.45092725{3}[source]
    But is it like the "real" dtrace or is like how PowerShell wget isn't actually wget but an alias for Invoke-WebRequest?
    replies(1): >>45092796 #
    11. p_ing ◴[01 Sep 25 14:08 UTC] No.45092796{4}[source]
    Two seconds of investigation yields that it is a port of dtrace.

    https://learn.microsoft.com/en-us/windows-hardware/drivers/d...

    replies(1): >>45093483 #
    12. actionfromafar ◴[01 Sep 25 15:26 UTC] No.45093483{5}[source]
    Well, true, but I'm not in a position to understand what that means. I remember talks about dtrace in Linux way back when and something about how "it's not the same thing, you have to add support in all of userspace which is not there" or something like that.
    13. calvinmorrison ◴[01 Sep 25 15:55 UTC] No.45093773[source]
    yes. I work with ancient and opaque tools that dont have good debugging / reporting facilities. Often we have to jump into procmon or whatever see why the heck the thing is stuck. something like strace is native and everywhere and you can sus out easily - hey this proc is trying to open this thing over and over.

    procmon is cool, but i have found it limited when the program isnt doing anything 'obvious', and also that i have to download it and run it from the web is a problem when debugging on client systems.