Any experienced Process Monitor user out there?



(this is a follow-up to the "Need to dump the contents of the Registry" thread)

The ProcMon help file includes the snippet below, used to inject our
own profiling events into the event stream.

-Ramon

---------------------------------------------

Injecting Application Debug Messages
If you are an application developer, it might be useful to include
your own debug output in Process Monitor's event stream so that you
can better correlate application operations with other events. Process
Monitor allows unprivileged applications to inject wide-character
strings of up to 2048 characters in length. The code sample below
shows how to open the Process Monitor debugging interface and write
messages to the event stream. The strings do not need to be null-
terminated, though the one in the example is. The code sample below
demonstrates how to generate Process Monitor debug output. John
Robbins has also made helper classes you can use in your native or
managed application to easily add support, which you can download
here.

Note that you must show Profiling events, which are filtered by the
default filter configuration, to see these events.

#include <windows.h>
#include <winioctl.h>   /* CTL_CODE, METHOD_BUFFERED, FILE_WRITE_ACCESS; not pulled in by windows.h */
#include <stdio.h>

#define FILE_DEVICE_PROCMON_LOG 0x00009535
#define IOCTL_EXTERNAL_LOG_DEBUGOUT (ULONG) CTL_CODE( FILE_DEVICE_PROCMON_LOG, 0x81, METHOD_BUFFERED, FILE_WRITE_ACCESS )

int main( int argc, char * argv[] )
{
    /* Call the W variant explicitly: the path is a wide string, and plain
       CreateFile() resolves to CreateFileA() unless UNICODE is defined. */
    HANDLE hDevice = CreateFileW( L"\\\\.\\Global\\ProcmonDebugLogger",
        GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
        NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );

    if ( hDevice != INVALID_HANDLE_VALUE ) {

        WCHAR text[] = L"Debug out";

        /* Length in bytes. The terminator is sent here, but the driver does not require it. */
        DWORD textlen = (DWORD)((wcslen(text)+1) * sizeof(WCHAR));
        DWORD nb = 0;

        BOOL ok = DeviceIoControl( hDevice, IOCTL_EXTERNAL_LOG_DEBUGOUT,
            text, textlen, NULL, 0, &nb, NULL );

        if ( ok ) {
            printf( "wrote %lu bytes\n", textlen );
        } else {
            printf( "error 0x%lx\n", GetLastError() );
        }

        CloseHandle( hDevice );

    } else {
        printf( "error %lu opening Process Monitor\n", GetLastError() );
    }

    return 0;
}
Reply Ramon 9/29/2010 9:43:01 AM

On Wed, 29 Sep 2010 07:44:10 -0700 (PDT), Ramon F Herrera wrote:

> ...
> if Event Class is Profiling Include
> if Operation is Process Profiling Include
> 
> (not sure what the difference is)
> 
> So, if any of you folks have been able to make this work, your expert
> advice would be very appreciated.
> 

It works for me with these filters.
ProcMon ver. 2.93
Do you use an old version of ProcMon?
If you used an older version in your session before, you must reboot and
start the new version again.

BTW. I had to include
#include <windows.h>
#include <winioctl.h>
#include <stdio.h>

Friedel
Reply Friedel 9/30/2010 4:03:23 PM


On Sep 30, 11:03 am, Friedel Jantzen <nospam_...@freenet.de> wrote:
> On Wed, 29 Sep 2010 07:44:10 -0700 (PDT), Ramon F Herrera wrote:
>
> > ...
> > if Event Class is Profiling Include
> > if Operation is Process Profiling Include
>
> > (not sure what the difference is)
>
> > So, if any of you folks have been able to make this work, your expert
> > advice would be very appreciated.
>
> It works for me with these filters.


Thanks, Friedel!

Where does the output come out? In the "Detail" column? Is it
interspersed between the "heartbeats"?

 > ProcMon ver. 2.93

I am learning about the program and downloaded it yesterday. My
version is 2.92. That is the one available at the Microsoft/
sysinternals site. I assume 2.93 is a typo?

Do you mind posting your code? I assume that it is very similar to the
one in the help file.

TIA,

-Ramon
Reply Ramon 9/30/2010 7:33:21 PM

On Sep 30, 11:03 am, Friedel Jantzen <nospam_...@freenet.de> wrote:
> On Wed, 29 Sep 2010 07:44:10 -0700 (PDT), Ramon F Herrera wrote:
>
> > ...
> > if Event Class is Profiling Include
> > if Operation is Process Profiling Include
>
> > (not sure what the difference is)
>
> > So, if any of you folks have been able to make this work, your expert
> > advice would be very appreciated.
>
> It works for me with these filters.
> ProcMon ver. 2.93
> Do you use an old version of ProcMon?
> If you used an older version in your session before, you must reboot and
> start the new version again.
>
> BTW. I had to include
> #include <windows.h>
> #include <winioctl.h>
> #include <stdio.h>
>
> Friedel


Friedel,

You may ignore my previous message. The code is injecting my messages.
Not sure what the problem was.

Thx,

-Ramon
Reply Ramon 9/30/2010 7:51:58 PM

On Thu, 30 Sep 2010 12:51:58 -0700 (PDT), Ramon F Herrera wrote:
> 
> You may ignore my previous message. The code is injecting my messages.
> Not sure what the problem was.

Hi Ramon,
I hope it's fixed now.

IMO, in many cases it is easier to use OutputDebugString() and send a
string to your debugger.

Friedel
Reply Friedel 10/1/2010 6:01:25 AM
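The help-file snippet quoted at the top of the thread and Friedel's OutputDebugString() suggestion can be combined into one scriptable tool. The block below is an added example, not code from the ProcMon help file, from John Robbins's helpers, or from anyone in the thread. It P/Invokes the same \\.\Global\ProcmonDebugLogger device and IOCTL from PowerShell, enforces the 2048-wide-character cap the help file states, and falls back to OutputDebugString() when the device cannot be opened (ProcMon not running, so the message is still visible in a debugger or DebugView). The function name Write-ProcmonMarker and the class name ProcmonLog are assumptions chosen for this example. The IOCTL value 0x95358204 is CTL_CODE(0x9535, 0x81, METHOD_BUFFERED, FILE_WRITE_ACCESS) evaluated by hand, i.e. (0x9535 << 16) | (2 << 14) | (0x81 << 2).

```powershell
# Added example (not from the ProcMon help file or the thread): PowerShell wrapper
# around the ProcMon debug-logger IOCTL, with OutputDebugString fallback.
$procmonLogSource = @'
using System;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32.SafeHandles;

public static class ProcmonLog
{
    // CTL_CODE(FILE_DEVICE_PROCMON_LOG 0x9535, 0x81, METHOD_BUFFERED, FILE_WRITE_ACCESS)
    //   = (0x9535 << 16) | (FILE_WRITE_ACCESS << 14) | (0x81 << 2) | METHOD_BUFFERED
    public const uint IOCTL_EXTERNAL_LOG_DEBUGOUT = 0x95358204;
    public const int MaxChars = 2048;            // limit stated in the ProcMon help file

    const uint GENERIC_READ   = 0x80000000;
    const uint GENERIC_WRITE  = 0x40000000;
    const uint FILE_SHARE_ALL = 0x7;             // FILE_SHARE_READ | WRITE | DELETE
    const uint OPEN_EXISTING  = 3;

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern SafeFileHandle CreateFileW(string name, uint access, uint share,
        IntPtr sa, uint disposition, uint flags, IntPtr template);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool DeviceIoControl(SafeFileHandle h, uint code, byte[] inBuf,
        uint inLen, IntPtr outBuf, uint outLen, out uint returned, IntPtr overlapped);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    static extern void OutputDebugStringW(string s);

    // Returns true if the text was injected into ProcMon, false if ProcMon's device
    // could not be opened (ProcMon not running) and OutputDebugString was used instead.
    public static bool Write(string message)
    {
        if (message.Length > MaxChars)           // driver accepts at most 2048 WCHARs
            message = message.Substring(0, MaxChars);
        // UTF-16LE bytes; per the help file no terminating NUL is required.
        byte[] buf = Encoding.Unicode.GetBytes(message);

        using (SafeFileHandle h = CreateFileW(@"\\.\Global\ProcmonDebugLogger",
            GENERIC_READ | GENERIC_WRITE, FILE_SHARE_ALL, IntPtr.Zero,
            OPEN_EXISTING, 0, IntPtr.Zero))
        {
            if (h.IsInvalid)
            {
                OutputDebugStringW(message);     // seen by an attached debugger / DebugView
                return false;
            }
            uint returned;
            if (!DeviceIoControl(h, IOCTL_EXTERNAL_LOG_DEBUGOUT, buf, (uint)buf.Length,
                    IntPtr.Zero, 0, out returned, IntPtr.Zero))
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            return true;
        }
    }
}
'@
Add-Type -TypeDefinition $procmonLogSource

function Write-ProcmonMarker {
    # Hypothetical helper name chosen for this example.
    param([Parameter(Mandatory = $true)][string]$Message)
    if ([ProcmonLog]::Write($Message)) {
        "ProcMon: $Message"      # appears as a Debug Output Profiling event, text in the Detail column
    } else {
        "ProcMon not running; sent via OutputDebugString: $Message"
    }
}

# Bracket a test run so its activity is easy to locate in the capture.
# Profiling events are hidden by default: turn on Show Profiling Events in ProcMon first.
Write-ProcmonMarker "=== test start $(Get-Date -Format o) ==="
# ... run whatever you are tracing here ...
Write-ProcmonMarker "=== test end $(Get-Date -Format o) ==="
```

Because the device is opened with ordinary user rights, this works from an unprivileged shell, which is what makes it handy for marking phases of a test inside a long ProcMon trace.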
