in this fork you **should** be able to just build procmon as below on arch linux
BUT FIRST compile the sysinternalsEBPF from the original github repo: https://github.com/microsoft/SysinternalsEBPF/blob/main/BUILD.md (i swear its just 3 or 4 commands)
Process Monitor (Procmon) is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
Please see build instructions here.
Usage: procmon [OPTIONS]
OPTIONS
-h/--help Prints this help screen
-p/--pids Comma separated list of process IDs to monitor
-e/--events Comma separated list of system calls to monitor
-c/--collect [FILEPATH] Option to start Procmon in a headless mode
-f/--file FILEPATH Open a Procmon trace file
-l/--log FILEPATH Log debug traces to fileThe following traces all processes and syscalls on the system:
sudo procmonThe following traces processes with process id 10 and 20:
sudo procmon -p 10,20The following traces process 20 only syscalls read, write and open at:
sudo procmon -p 20 -e read,write,openatThe following traces process 35 and opens Procmon in headless mode to output all captured events to file procmon.db:
sudo procmon -p 35 -c procmon.dbThe following opens a Procmon tracefile, procmon.db, within the Procmon TUI:
sudo procmon -f procmon.db- Ask a question on Stack Overflow (tag with ProcmonForLinux)
- Request a new feature on GitHub
- Vote for popular feature requests
- File a bug in GitHub Issues
If you are interested in fixing issues and contributing directly to the code base, please see the document How to Contribute, which covers the following:
- How to build and run from the source
- The development workflow, including debugging and running tests
- Coding Guidelines
- Submitting pull requests
Please see also our Code of Conduct.
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the MIT License.