文档翻译第002篇:Process Monitor帮助文档(Part 2)
【筛选与高亮显示】 Process Monitor提供了一些方式来配置筛选器和高亮显示。 筛选器的包含与排除 您可以在筛选器中指定事件的属性,这样就可以令Process Monitor仅显示或排除与您所指定的属性相匹配的事件。所有的筛选器都是无损检测,也就是说这仅会对Proc
【筛选与高亮显示】
Process Monitor提供了一些方式来配置筛选器和高亮显示。
筛选器的包含与排除
您可以在筛选器中指定事件的属性,这样就可以令Process Monitor仅显示或排除与您所指定的属性值相匹配的事件。所有的筛选器都是无损检测,也就是说这仅会对Process Monitor显示事件的方式产生影响,而不会影响潜在的事件数据。
当您选取了一项事件后,在“事件(Event)”菜单的“包含(Include)”与“排除(Exclude)”子菜单中就可以很容易地添加事件的其中一项属性到筛选器的包含与排除配置中。举例来说,如果只想显示某个指定名称的进程所生成的事件,可以选择“包含(Include)”子菜单中的进程名称。您也可以选择多项事件,并且为这些选定的事件中所包含的所有特别的值同时配置一个属性的筛选器。Process Monitor的“或”操作能够将所有相关的特定属性类型的筛选器集合在一起,而“与”操作则将所有不同属性类型的筛选器集合在一起。举例来说,如果您在筛选器中指定进程的名称为Notepad.exe和Cmd.exe,并且在筛选器中包含了一个名为C:\Windows的路径,那么Process Monitor仅仅只会显示源自指定路径即C:\Windows目录中的Notepad.exe或Cmd.exe的事件。
图15 “包含(Include)”与“排除(Exclude)”子菜单
在筛选器对话框中也有更多复杂的可使用的筛选选项,您可以通过选择“筛选器(Filter)”菜单中的“筛选器(Filter)”菜单项或者点击工具栏上的筛选器按钮来打开筛选器对话框。筛选器条目由一个属性域(如认证ID,进程名称等)、一个比较操作符、一项属性值以及筛选类别(包含或排除)所组成。为了方便起见,在当前加载的跟踪数据中,Process Monitor会自动在下拉列表中列出在已加载的追踪数据中出现的属性值,但是您也可以输入任意值。复选框能够使您很容易地禁用指定的筛选器条目,而不需要删除它们。
图16 Process Monitor筛选器对话框
上下文菜单筛选
如果您在Process Monitor中用鼠标右键点击一个条目,则会显示一个上下文菜单,您就能够查看该条目的属性或配置一个基于该条目属性的筛选器。更进一步,快速筛选项能够依据您所点击的列的值,被添加到菜单中。
图17 上下文菜单筛选
破坏性的筛选
在默认情况下,Process Monitor适用于数据显示,并不会保存某些项。这能够使您改变筛选器从而获取不同的方式来显示数据,而不会对已经排除的数据造成影响。然而,您可以配置Process Monitor来删除一些数据,也就是利用筛选器通过切换到破坏性筛选方式,来排除当前捕获的一些数据,您可以通过选择“筛选器(Filter)”菜单中的“排除筛选掉的事件(Drop Filtered Events)”来实现。
图18 破坏性筛选
包含来自窗口的进程
工具栏中包含了一个形状如同一个靶子的按钮,您可以把它拖放到一个窗口中,这样您就可以将该窗口所拥有的进程的进程ID添加到Process Monitor 的“包含(Include)”筛选器中。
图19 “从窗口中包含进程”按钮
基本模式与高级模式的对比
“筛选器(Filter)”菜单的“允许高级输出(Enable Advanced Output)”菜单项能够控制Process Monitor是运行在基本模式还是高级模式下。当在基本模式下时,Process Monitor能够在显示中配置内置的筛选器来排除与系统相关的活动,并为内部文件系统操作选取直观的名称。举例来说,当在基本模式下的时候,Process Monitor将内部的IRP_MJ_READ操作作为“读取(Read)”操作来看待。基本模式使得输出内容阅读起来十分方便,省略了应用故障中的不相关的事件。
图20 允许高级输出
筛选器的存储与读取
一旦您配置完成了一个筛选器,您可以选择“筛选器(Filter)”菜单中的“保存筛选器(Save Filters)”菜单项进行保存。Process Monitor为了便于您下次的使用,它会将您保存的筛选配置保存到“读取筛选器(Load Filter)”菜单,并且您还可以选择“筛选器(Filter)”菜单中的“管理筛选器(Organize Filter)”来打开管理筛选器对话框,从而改变筛选器在菜单中的显示顺序。您可以使用管理筛选器对话框来重命名已经保存的筛选器,还能够很方便地以一定的格式来输出筛选器,这样以后您就可以在其它系统上利用管理筛选器对话框进行筛选器的导入了。
图21 管理筛选器对话框
高亮显示
ProcessMonitor的高亮显示筛选器能够使您指定事件的属性,从而令一个事件以高亮的颜色进行显示。“事件(Event)”菜单中的“高亮显示(Highlight)”子菜单能够使您快速访问已定义高亮显示的筛选器条目,并且“事件(Event)”菜单中的“高亮显示(Highlight)”菜单条目也能够打开高亮显示筛选对话框,其操作与包含/排除筛选对话框相似。您可以通过点击高亮显示筛选对话框中的“添加筛选器(Add Filter)”按钮,从而将高亮显示筛选器转化为包含筛选器。
图22 高亮显示筛选对话框
当一个高亮显示效果生效以后,您可以使用F4键在所显示的事件中选择下一个高亮显示的条目。按下Shift+F4键能够转换选择的方向。
【进程树】
“工具(Tools)”菜单中的“进程树(ProcessTree)”菜单条目能够打开进程树对话框,它能够分层次地显示由加载的追踪事件所引用的所有进程,从而反映他们的父子关系。拥有相同父进程的进程会依据它们开始时间进行排序。在窗口左侧的进程的父进程,没有在追踪中留下任何事件。
当您在进程树中选择了一项进程后,Process Monitor就获得了关于该进程数据的子集,比如它的映像地址,用户账户与开始时间,这些会在对话框的底部显示出来。如果您想查看更多关于进程的信息,可以点击“转到事件(Go To Event)”按钮,它可以使得Process Monitor在运行进程的追踪中定位并选择第一条可见项。需要注意的是,通过使用筛选器从视图中排除指定进程的所有事件,可以阻止指定操作的完成。
图23 进程树对话框
【追踪摘要工具】
Process Monitor包含了一些对话框,能够使您在追踪中收集事件,实现简单的数据挖掘操作。
系统细节
ProcessMonitor能够捕获一些在追踪中收集到的关于系统的信息,包括机器名称、系统根目录以及您的操作系统是32位还是64位的。Process Monitor将它们存储在了日志文件中,您可以通过“工具(Tools)”菜单中的系统细节对话框来访问这些信息。
图24 系统细节对话框
事件计数
在“工具(Tools)”菜单中可以打开事件计数对话框。它显示了您所指定的属性类型在追踪记录中可见的唯一值,连同在追踪记录中包含这个值的事件出现的次数。
图25 事件计数对话框
进程摘要
这个对话框汇总了追踪到的进程,包括它们的进程ID、映像名称以及命令行等。
图26 进程摘要对话框
文件摘要
文件摘要对话框列出了所有经过筛选追踪后的唯一的文件系统路径,文件用于执行输入/输出操作的总时间,路径引用的事件数目以及不同操作类型的数量。
图27 文件摘要对话框
注册表摘要
注册表摘要对话框列出了在追踪筛选中展示出来的所有唯一的注册表路径,注册表用于执行输入/输出操作的总时间,路径引用的事件数目以及不同的操作类型计数。
图28 注册表摘要对话框
网络摘要
网络摘要对话框列出了所有唯一的在筛选追踪中展示出来的目的IP地址,以及不同类型的事件数目,包括发送与接收到每一个地址。
图29 网络摘要对话框
栈摘要
使用栈摘要对话框可以查看追踪每一个进程所得出的单独的栈的实例,包括栈追踪的次数以及在同一个事件追踪中所耗费的总时间。
图30 栈摘要对话框
交叉参考摘要
这个对话框显示了由一个进程写入以及由另一个进程读取的路径。
图31 交叉参考对话框
【选项】
在“选项(Options)”菜单中有一些设置项可以改变Process Monitor的行为。
图32 选项菜单
保持在最顶端(Always on Top)
选中这个选项能够使得ProcessMonitor的窗口保持在其它窗口的顶端。
字体(Font)
这个选项能够打开一个字体选择对话框,您可以在这个对话框中选择Process Monitor所显示的字体。
图33 字体选择对话框
高亮颜色(HighlightColors)
选择这个条目可以打开一个对话框,用于选择Process Monitor为条目所使用的文本和背景的颜色,这可由高亮筛选器进行配置。
图34 选择高亮颜色对话框
配置符号(Configure Symbols)
ProcessMonitor能够使用符号信息,如果可用的话,可以显示所引用事件栈的函数名称。您能够在MicrosoftDebugging Tools for Windows网页找到配置符号信息。
图35 配置符号对话框
历史深度(History Depth)
ProcessMonitor能够查看提交内存的使用情况,当虚拟内存过低时,就将其自身关闭,但是历史深度对话框可以使您限制它所保留的条目的数量,以便您可以让Process Monitor运行一个很长的周期并确保它时常保留着最新的事件。
图36 历史深度对话框
分析事件(ProfilingEvents)
使用这个菜单条目能够打开线程分析配置对话框,在这里您能够分析线程并且为事件生成的线程分析作出评价。当线程分析不可用的时候,Process Monitor能够在追踪中捕获线程栈以及CPU设备,这样您可以分辨与CPU相关的操作事件的源头。
图37 线程分析选项
启用引导日志记录(Enable Boot Logging)
使用这个选项可以配置Process Monitor的引导日志。
图38 引导日志选项
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What should I do if the translation web page that comes with the Edge browser is missing?
Mar 14, 2024 pm 08:50 PM
The edge browser comes with a translation function that allows users to translate anytime and anywhere, which brings great convenience to users. However, many users say that the built-in translation webpage is missing. Then the edge browser automatically What should I do if the translation page I brought is missing? Let this site introduce how to restore the translated web page that comes with the Edge browser if it is missing. How to restore the translation webpage that comes with the Edge browser is missing 1. Check whether the translation function is enabled: In the Edge browser, click the three dots icon in the upper right corner, and then select the "Settings" option. On the left side of the settings page, select the Language option. Make sure "Translate&rd"
Insufficient memory or disk space to repagin or print this document Word error
Feb 19, 2024 pm 07:15 PM
This article will introduce how to solve the problem of insufficient memory or disk space to repage or print the document in Microsoft Word. This error usually occurs when users try to print a Word document. If you encounter a similar error, please refer to the suggestions provided in this article to resolve it. Insufficient memory or disk space to repage or print this document Word error How to resolve the Microsoft Word printing error "There is not enough memory or disk space to repage or print the document." Update Microsoft Office Close memory-hogging applications Change your default printer Start Word in safe mode Rename the NorMal.dotm file Save the Word file as another
Don't worry about watching movies without subtitles! Xiaomi announces the launch of Xiaoai Translation real-time subtitles for Japanese and Korean translation
Jul 22, 2024 pm 02:11 PM
According to news on July 22, today, the official Weibo of Xiaomi ThePaper OS announced that Xiaoai Translation has been upgraded. Real-time subtitles have been added to Japanese and Korean translations, and subtitle-free videos and live conferences can be transcribed and translated in real time. Face-to-face simultaneous interpretation supports translation into 12 languages, including Chinese, English, Japanese, Korean, Russian, Portuguese, Spanish, Italian, French, German, Indonesian, and Hindi. The above functions currently only support the following three new phones: Xiaomi MIX Fold 4 Xiaomi MIX Flip Redmi K70 Extreme Edition It is reported that in 2021, Xiao Ai’s AI subtitles will be added to Japanese and Korean translations. AI subtitles use Xiaomi’s self-developed simultaneous interpretation technology to provide a faster, more stable and accurate subtitle reading experience. 1. According to the official statement, Xiaoai Translator can not only be used in audio and video venues
How to add redline to Word document
Mar 01, 2024 am 09:40 AM
It is 395 words, which is 495. This article will show you how to add red lines in Word documents. Redlining a document refers to making modifications to the document so that users can clearly see the changes. This feature is very important when multiple people are editing a document together. What redline means Marking a document Redlining means using red lines or callouts to indicate changes, edits, or revisions to a document. The term was inspired by the practice of using a red pen to mark printed documents. Redline comments are widely used in different scenarios, such as clearly showing recommended changes to authors, editors, and reviewers when editing a document. Propose changes and modifications in legal agreements or contracts Provide constructive criticism and suggestions on papers, presentations, etc. How to give W
How to translate Sogou browser
Feb 01, 2024 am 11:09 AM
How does Sogou browser translate? When we usually use Sogou browser to check information, we will encounter some websites that are all in English. Because we can’t understand English, it is very difficult to browse the website. This is also very inconvenient. It doesn’t matter if you encounter this situation! Sogou Browser has a built-in translation button. With just one click, Sogou Browser will automatically translate the entire webpage for you? If you don’t know how to operate it, the editor has compiled the specific steps on how to translate it on Sogou Browser. If you don’t know how, follow me and read on! How to translate Sogou Browser 1. Open Sogou Browser, click the translation icon in the upper right corner 2. Select the type of translation text, and then enter the text that needs to be translated 3. Sogou Browser will automatically translate the text. At this point, the above Sogou Browsing operation is completed. How to translate all contents
Can't open hyperlink in word document
Feb 18, 2024 pm 06:10 PM
In recent years, with the continuous development of network technology, our lives are inseparable from various digital tools and the Internet. When processing documents, especially in writing, we often use word documents. However, sometimes we may encounter a difficult problem, that is, the hyperlink in the word document cannot be opened. This issue will be discussed below. First of all, we need to make it clear that hyperlinks refer to links added in word documents to other documents, web pages, directories, bookmarks, etc. When we click on these links, I
Word document is blank when opening on Windows 11/10
Mar 11, 2024 am 09:34 AM
When you encounter a blank page issue when opening a Word document on a Windows 11/10 computer, you may need to perform repairs to resolve the situation. There are various sources of this problem, one of the most common being a corrupted document itself. Furthermore, corruption of Office files may also lead to similar situations. Therefore, the fixes provided in this article may be helpful to you. You can try to use some tools to repair the damaged Word document, or try to convert the document to another format and reopen it. In addition, checking whether the Office software in the system needs to be updated is also a way to solve this problem. By following these simple steps, you may be able to fix Word document blank when opening Word document on Win
How to solve the problem that Google Chrome's built-in translation fails?
Mar 13, 2024 pm 08:46 PM
Browsers generally have built-in translation functions, so you don’t have to worry about not being able to understand when browsing foreign language websites! Google Chrome is no exception, but some users find that when they open the translation function of Google Chrome, there is no response or failure. What should they do? You can try the latest solution I found. Operation tutorial: Click the three dots in the upper right corner and click Settings. Click Add Language, add English and Chinese, and make the following settings for them. The English setting asks whether to translate web pages in this language. The Chinese setting displays web pages in this language, and Chinese must be moved to the top before it can be set as the default language. If you open the webpage and no translation option pops up, right-click and select Translate Chinese, OK.
