PMon

Description:

PMon is a device driver/GUI combination designed for Windows NT 4.0 systems. It logs and displays all process activity by utilizing several undocumented hooking functions. This allows PMon to be called whenever a process or thread is created or deleted. In the Checked build of NT or the Multiprocessing kernel, you can also opt for context-swap monitoring, revealing all context switch activities.

PMon is compatible with all builds of Windows NT 4.0. Installing PMon is a breeze - simply unzip the file and type "ntpmon." The GUI dynamically loads the driver, integrating hooks for process and thread management. The menu features enable you to control event capturing, listview scrolling, and saving listview contents to an ASCII file.

Main Features:

• Logs and displays all process activity


• Utilizes undocumented hooking functions


• Allows for context-swap monitoring


• Easy installation process


• Dynamically loads driver and installs hooks


• Control event capturing via GUI menus


• Save listview contents to an ASCII file

PMon showcases the process owner's name for thread creation, deletion, or context swap, followed by the thread ID. For non-existent process owners, "???" is displayed. The "Elapsed" column denotes the time in seconds between consecutive events. The context-swap hook is available in multiprocessor NT builds but is disabled by default. Enabling it allows for rapid context-switch monitoring.

Installation Instructions:

1. For MSDN members with the checked build, replace NTOSKRNL.EXE and HAL.DLL with the appropriate versions for context-switch monitoring.


2. Search for HAL.DLL in the [winnt]repairsetup.log file to determine the correct version to copy over.


3. Back up existing files before making changes to revert to the previous build if needed.

Enhance your process monitoring capabilities with PMon - a reliable and efficient tool for Windows NT 4.0 systems.