Process Explorer for WinCE: Powerful tool to uncover Windows CE System Runtime State

This is an introduction to my own writing a tool for monitoring the Windows CE runtime System State-windows CE Remote Process Explorer. I started developing the Windows CE platform in 2004, and I almost knew nothing about Windows CE, and I wrote this tool in my spare time to understand the system mechanism of Windows CE. So far, it has a considerable number of functions, but also to help me solve a lot of work problems. Brief Introduction

If you want to monitor each process under CE, the CPU usage of the thread, or wondering what module each thread is creating at any time, the thread's current call stack, or the use of the process heap after the application runs for a while, the distribution of memory fragments, and so on, this tool can give you an intuitive answer.

Windows CE Remote Process Explorer (hereafter referred to as CE Process Explorer) is a tool similar to Mark Russinovich's Process Explorer, except that it is applied to Windows CE system. Ce Process Explorer establishes a connection through Platform Manager and Windows CE device, as its name suggests, and as with Windows CE Remote File Viewer, CE process Explorer is a remote tool. Its host side runs on the PC, communicates with the transmission media such as TCP/IP and the device end to reveal the Windows CE Runtime System state. Unlike Mark's Process Explorer, CE Process Explorer is designed for developers of the WinCE platform and focuses on revealing the internal data of the system.Support PlatformAt present, CE Process Explorer support arm and X86 (including emulator) architecture, MIPS and SH4 architecture I did not use, temporarily can not support. The supported target operating systems include Windows CE 4.x/5.0, and support for Windows CE 6.0 is under consideration.Introduction to the interfaceAs the following illustration shows, similar to process Explorer, the main interface consists of the top and bottom two view. The view above shows the process list, and the following view displays the thread, Dll, Handle, Window, heap, or memory information for the currently selected process. Each view has a corresponding context menu, such as in Process view you can kill a process, in the thread view you can view the current call stack for one of the threads.


1,process View. A process with a light blue background is not a ROM module.


2,thread View. Threads with a light blue background are the main thread. In thread view you can see which module created each thread, which is very helpful for diagnosing problems.


3,handle View.


4,dll View. A DLL with a yellow background is a relocatable DLL.


5,window View. A window with a light blue background is a top-level window.


5,heap View. Light blue background free memory block.


7,memory View. In memory view you can see the layout of the entire system's virtual memory, you can find which are image file mappings, Thread Stack, Heap where, where the DLL is loaded, and so on.
some feature features (highlights)

1, display the thread call stack (called stack). This is one of my favorite features. It can display the call stack of any thread at run time, observing the working state of the thread. In the case of debug symbol, you can navigate directly to the source line of code.

2, the application's process heap view. Allows you to observe the application's use of the heap at all times, and the red part is fragmented.

3, locate the exception address (Crash Finder). Application crashes are common, and this feature allows you to navigate directly to the source line from the address of the exception generated.
Data Abort:thread = 87809d44 Proc = 818a7b20 ' INSTALLER. EXE '
Aky = 00000401 PC = 00012548 (INSTALLER. EXE + 0x00002548) RA = 00012530 (INSTALLER. EXE + 0x0
0002530) BVA = 16000000 FSR = 00000007