Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Which API does Windows Resource Monitor use?

Tags:

windows

resource-monitor

etw

Windows Resource Monitor displays (among other things) which files on disk are currently accessed by which processes. And it does that in realtime. How?

I know that it probably uses ETW and that I can generate traces with tools like xperf. But how to get realtime information without having to start, stop and parse a trace file?

I need to programmatically access the data, i.e. from C# or C++.

like image 409
Helge Klein Avatar asked Nov 24 '11 11:11

Helge Klein

People also ask

How do I access Windows Resource Monitor?

Press the Ctrl + Alt + Del keys at the same time and select Start Task Manager on the screen that appears. In the Task Manager, click the Performance tab, then click the Resource Monitor button or Open Resource Monitor link, depending on your version of Windows.

What is Windows Resource Monitor used for?

Resource Monitor (Resmon) is a system application included in Windows Vista and later versions of Windows that allows users to look at the presence and allocation of resources on a computer.

What is the difference between Task Manager and Resource Monitor?

The Task Manager can best be described as a tool that runs on the surface. It lists processes and services, and general resource usage. The Resource Monitor, on the other hand, gives you options to look under the surface to look up information that the Task Manager does not provide.

How do I read memory in Resource Monitor?

Check Computer Memory Usage Easily To open up Resource Monitor, press Windows Key + R and type resmon into the search box. Resource Monitor will tell you exactly how much RAM is being used, what is using it, and allow you to sort the list of apps using it by several different categories.

1 Answers

wOpenTrace/ProcessTrace/StopTrace can get the data in real-time as long as you know the provider GUID. They can run on Win2000 but you need to parse the raw data in your callback functions. To convert raw data into human-readable text, we need the TMF/MOF. Not sure if they are public though.

For Vista/Win7, there is a new set of TDH (Trace Data Helper) APIs (eg: TdhFormatProperty). Scroll down a little of above links and you can see them. The good thing about TDH is they can parse the data for you (still need to provide TDH the TMF/MOF though).

I tried to write my own .etl to readable .txt program using Open/Process/StopTrace API (because I need to support XP). I found out it's quite difficult. The TMF file is not hard to interpret since it pure text. The hard thing is to decipher more than 50 different undocumented prinf-alike format-specifications' internal structures. So I gave up in the end and stick to the powerful tracefmt.exe provided in Microsoft WDK.

like image 123
Peter Avatar answered Sep 19 '22 22:09

Peter
Sign in to Comment

Related questions

Writing device driver?
os.path.join - can I get consistency between Windows and Cygwin?
Perl command line: single vs. double quotes for directory arguments
Are there any reasons not to mix Multiprocessing and Threading module in Python
Emulate keyboard
Batch- string search on Windows PATH
SVN Revision Graph
How to Execute Clojure File?
running an R script in batch mode without the command prompt popping up
create .exe from c# windows application
How to install cygwin/X through apt-cyg [closed]
Windows UI Automation not showing all child elements?
Do certain exception errors occur only in the debugger?
Create a library or DLL in Linux and using them on Windows
How to open the Run window programmatically
Netbeans Project from Mac to Windows
How to get current frame?
Python sys.maxint, sys.maxunicode on Linux and windows
What should I use to replace gettimeofday() on Windows? [duplicate]
Determining running programs in Python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!