A Linux version of the Procmon Sysinternals tool (github.com)
86 points by LelouBil, 9 hours ago | 17 comments
holowoodman
9 minutes ago
How is this different from using 'htop' and pressing 's' to strace a process?
perching_aix
7 hours ago
If this works remotely as well as the Windows version, I'm stoked. Polling for information (like with lsof) really rubs me the wrong way.
0x696C6961
6 hours ago
Check out sysdig.
calvinmorrison
7 hours ago
Really? I have to use Procmon and associated utilities often and they really pale in comparison with Linux and even more so other Unix utils (like dtrace).
sirjaz
5 hours ago
Windows Server 2025 supports dtrace out of the box: https://learn.microsoft.com/en-us/windows-server/administrat...
cyberpunk
57 minutes ago
This really is the weirdest timeline…
lll-o-lll
3 hours ago
dtrace is more comparable to ETW in Windows land. Procmon is more for quick and dirty analysis. Maybe there are other *nix tools that are more appropriate, but I look forward to trying this one out.
perching_aix
6 hours ago
Care to expand on that? I'm similarly just forced to use Linux and its tooling ecosystem, so decent chances I'm simply missing what's cool/cooler.
INTPenis
55 minutes ago
This is great but it's kinda sad the INSTALL.md file was updated 2 months ago and it still doesn't work. Won't anyone report these issues?
notepad0x90
6 hours ago
Does this provide telemetry not available with strace?
And is the output CSV/logfile compatible with the Windows equivalent? If so, that'd be amazing! Tools like ProcDOT can analyze/visualize the data:
https://procdot.com/
fennec-posix
5 hours ago
This feels like a TUI front-end for strace, but I'm not complaining. This I think will come in handy.
fennec-posix
4 hours ago
Though interestingly, it seems to use its own eBPF library.
baranul
5 hours ago
Expect Microsoft to come out with more Linux tools. The demand, interest, and requests are likely to only increase.
notepad0x90
1 hour ago
They have one of the largest Linux user bases out there in Azure. They have their own distro. My favorite Linux memory forensics tool (AVML) is made by them. Sysmon for Linux uses eBPF, which makes it a tad bit more powerful than auditd, etc.
If you can't beat 'em, join 'em!
maldonad0
3 hours ago
Looks like btop but M$.
superkuh
3 hours ago
The Sysinternals guys (Mark Russinovich and Bryce Cogswell) and code, at least most of it, existed independently of Microsoft for many years. It was great. So great MS bought it and brought it and them inside. Russinovich is CTO of Azure now or something. So Sysinternals is now random MS hires, but I like to think it's still not really a Microsoft product, just owned and maintained by them.
I was a Windows user till XP came out and I've missed the Sysinternals tools. I'm going to enjoy this on my newer kernel machines. Seems to require some pretty cutting edge features.
K2h
2 hours ago
Awesome you knew their names! I have connected with Bryce through his development of Go Map!! for OpenStreetMap.