"Translated from MOS article" using process Monitor to track system calls under Windows (Systems calls)

Reference from:

Tracing Windows system calls via Process Monitor-truss equivalent for Windows (DOC ID 1447085.1)

Suitable for:

Oracle database-enterprise edition-version 8.1.7.0 to 11.2.0.3 [Release 8.1.7 to 11.2]
Information in this document applies to any platform.

Solution:

1. Process Monitor Introduction:

Process Monitor is an advanced monitoring tool under Windows that can display real-time file systems, registry, process, and thread activity.
The process Monitor features a wide range of event properties, such as session IDs, user name, trusted process information, and all thread stacks with integrated symbol support for each operatio N, synchronously writes the log to the file and so on.

2. Download the Process Monitor:
http://technet.microsoft.com/en-us/sysinternals/bb896645

3. The work of Process Monitor:

When you start Process Monitor, Process Monitor initiates a trace of the system calls from all running application.
The following is a list of the monitored event classes
-File System
-Network
-Process
-Profiling
-Registry

For each event,process monitor, the following information is displayed:

Action: the operation being performed.
Path: The location of the operation, such as file path, or registry key (registry key).
Result: The result of the operation.
Details: The more detailed step of the operation.

4. Ways to track individual application

Process Monitor provides a very rich filtering capability that allows the user to narrow down the trace to a specified standard.

Use one of the following methods to create a filter:
-Open Filter Menu > Select filter.
-Click Ctrl+l
-Click the filter icon (cone) from the toolbar.

When you open a filter windows, follow the steps below:
A. From the first drop list, select Process name, or select PID
B. From second drop list, select operator (operator)
C. Fill in the process name or PID
D. Click the Add button

5. Fast Application Tracing

In order to quickly trace a application (different from writing down the filter manually), click the Sniper icon and then drag to the App window.

6. Track a separate thread

Each Oracle process was represented as a Windows Thread, invoked by a single Windows process.
To trace a single thread, select TID, then write down the thread ID and click Apply.
To get the Oracle session thread ID, Join v$session and v$process to get SPID, which maps to Windows thread ID:

Select A.username, A.osuser, B.spidfrom v$session A, v$process bwhere a.paddr = B.addrand a.username is not null;

7. Resetting the filter. To reset the filter and return to application default, does any of the following:1. From Filter menu, select Reset filter.2. Press Ctrl+r 8. Further reading. For more information about Process Monitor utility, please check utility's help, by clicking the Help menu.

"Translated from MOS article" using process Monitor to track system calls under Windows (Systems calls)