If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Watch boot
On 4/14/2018 7:49 AM, Freeple wrote:
I tried that ProcMon but it did not work. All, I am asking in the Win XP area since I need one of these boot monitors for WIn XP Pro. I'd take a look at bootvis https://en.wikipedia.org/wiki/BootVis http://www.majorgeeks.com/files/details/bootvis.html |
Ads |
#17
|
|||
|
|||
Watch boot
BootVis does not work with my Win XP pro. I think my rev is later than the one stated as working with the BootVis I downloaded. |
#18
|
|||
|
|||
Watch boot
Freeple wrote:
BootVis does not work with my Win XP pro. I think my rev is later than the one stated as working with the BootVis I downloaded. I was worried about this initially too, but when I tried BootVis on my WinXP SP3 system (installed from disc as SP3), BootVis worked, and I was quite impressed with the results. Microsoft has made many over-the-top whizzy alternatives since then, but those tools were only intended to further the resume of the guy who wrote them. BootVis was at least a little focused on an actual question people might have. BootVis is probably using ETW events like Process Monitor from Sysinternals would. Does Process Monitor at least create a trace when you run it ? As that would prove your ETW was working. And Process Monitor, the mechanism used, shows us at least one failure mechanism. Process Monitor, if it's asked to do a boto trace, places a procmon23.dll type file, with an attribute of "hidden", in the system folder. And for some reason, that method isn't entirely reliable. It's almost like the file isn't getting loaded at boot time or something. BootVis must have a mechanism of its own - and the number of mechanisms available (to start at trace at T=0) is limited. If you want a trace to start really early, hooking a Start folder wouldn't be sufficient. Maybe Googling on BootVis and checking what mechanism is uses at T=0, would explain why it doesn't work. I haven't been able to figure out why the ProcMon23 thing doesn't work. No idea. And turning on boot logging here, has never shown any useful information about issues like that. Paul |
#19
|
|||
|
|||
Watch boot
Will try ProcMon later today but from the help: Note: network events, which are based on ETW (Event Tracing for Windows), are not available in boot logs. Mine is: Procmon.exe 2,510,526 2014-03-06 23:53 v3.10 You say ProcMon23.exe. Where do I get that ? |
#20
|
|||
|
|||
Watch boot
Freeple wrote:
Will try ProcMon later today but from the help: Note: network events, which are based on ETW (Event Tracing for Windows), are not available in boot logs. Mine is: Procmon.exe 2,510,526 2014-03-06 23:53 v3.10 You say ProcMon23.exe. Where do I get that ? That's a DLL that procmon.exe leaves behind in the system folder. And it only happens in ProcMon if you select boot logging. Paul |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|