Timeline for Is it possible to use procmon to find out why a process ends?
Current License: CC BY-SA 4.0
6 events
when | what | by | license | comment | |
---|---|---|---|---|---|
Sep 19, 2023 at 9:22 | comment | added | Fajela Tajkiya | @Robert It's not possible in my case. The software is a commercial one, and it's heavily tested on all supported OSs. The issue only happened on my laptop. I'm sure it will work in clean VMs. | |
Sep 18, 2023 at 13:26 | comment | added | Robert | The common way is to install the software in a clean environment, e.g. a new Windows VM. Then you will see if it works or not. Or you use your current Windows and step-by-step close all applications and disable all services. | |
Jun 12, 2023 at 3:39 | comment | added | Señor CMasMas | You might be able to create the right filters within procmon to see this behavior by watching what took place when. If you know how to use a proper debugger, you might also be able to debug when the WM_QUIT message comes in and debug the stack. This will be difficult but do-able. | |
Jun 12, 2023 at 3:24 | comment | added | Fajela Tajkiya | This is a simplified scenario of my actual problem. I have installed an application. When I start it, it runs, and I can even see its splash windows. But after that, it exits immediately. I suspect one of the programs on my computer killed it, but I don't have proof. | |
Jun 12, 2023 at 2:16 | comment | added | Señor CMasMas | Procmon is not going to show you what took place inside the exe when it got the exit message. The message itself came from the kernel and because it was a windowed application, it received a WM_QUIT message in its message queue and the application did what it was told. In the case of notepad, technically, you could watch the window messages using spy++ and see this behavior but I don't understand the point of this exercise. You have me intrigued. Perhaps someone has better info. | |
Jun 12, 2023 at 0:19 | history | asked | Fajela Tajkiya | CC BY-SA 4.0 |