[x]

Site Alert(s):

Server maintenance Saturday Nov 22, 2008, 12:00 PM - 3:00 PM. The Knowledge Center will be unavailable during this time.

[x]

Site Alert(s):

Server maintenance Saturday Nov 22, 2008, 12:00 PM - 3:00 PM. The Knowledge Center will be unavailable during this time.

Knowledge Center Home
> CTX111408

Rate this Article:

Article Feedback

Print View

Alternate Languages: N/A

ProcessHistory v1.1 for 32-bit and 64-bit platforms

Document ID: CTX111408 / Created On: Oct 26, 2006 / Updated On: Nov 2, 2007

Average Rating:

Download ProcessHistory11.zip

View products this document applies to

ProcessHistory
Version 1.1

Created Date: 10/15/2006
Updated Date: -

Description

ProcessHistory tracks process creation and exit, thread creation, and termination and also modules (DLL, OCX, and so on) and their loading and unloading. This tool is invaluable in monitoring processes, their threads and components.

ProcessHistory complements:

• CTX106985 - WindowHistory 4.0 for 32-bit platforms

• CTX109235 - WindowHistory64 4.0 for x64 platforms

• CTX111068 - MessageHistory 2.0 for 32-bit and 64-bit platforms

• Common Diagnostics Facility (CDF)

The tool has a simple and intuitive interface:

Features:

• Simple interface, similar to WindowHistory.exe

• 32-bit and 64-bit versions (ProcessHistory.exe and ProcessHistory64.exe)

• 64-bit version can track information from native 64-bit applications

• Both 32-bit and 64-bit versions can be run at the same time to capture complete process information about 32-bit processes on 64-bit system

• Can be used in conjunction with WindowHistory and MessageHistory for troubleshooting complex seamless and GUI scenarios

• Formatted output is sorted and includes process and thread ID, parent process ID, process and thread creation and termination times, module address range and load/unload times, and so on

How to Use ProcessHistory

To start a capture, select options, click the Start button and it changes to a Stop button. The dialog can be minimized after that.

Stop the capture at any time using the Stop button and wait until the information is formatted and displayed (1 to 5 seconds – depending on the processor speed):

After formatting, copy the output to Notepad and save it for later analysis by Citrix Technical Support personnel.

To quickly copy captured information, use the right-click pop-up menu and select the Save All menu item to select all formatted output.

Use the right-click pop-up menu and select the Copy menu item to copy information to clipboard.

Either copy/paste the output or use the Save button to save the output to a text file.

Below is a fragment from ProcessHistory.exe and ProcessHistory64.exe showing a 32-bit process WindowHistory.exe start and exit together with thread information and loaded modules:

ProcessHistory.exe (32-bit):

PID: 8bc Process name: WindowHistory.exe
    Parent PID: 8c0
    First time recorded: 16:52:23:93
    Finished: 16:53:7:0
    Threads:

       TID: 488 First time recorded: 16:52:25:156 Finished: 16:52:39:968
       TID: 96c First time recorded: 16:52:23:93 Finished: 16:53:7:0
       TID: b58 First time recorded: 16:52:47:390 Finished: 16:53:1:578

Modules:

       ADVAPI32.dll 0x77F50000 - 77FEC000 C:\W2K3\syswow64\ADVAPI32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       COMCTL32.dll 0x77530000 - 775C7000 C:\W2K3\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.1830_x-ww_1B6F474A\COMCTL32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       GDI32.dll 0x7D800000 - 7D890000 C:\W2K3\syswow64\GDI32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       MSCTF.dll 0x4B8D0000 - 4B921000 C:\W2K3\SysWOW64\MSCTF.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       OLEAUT32.dll 0x00840000 - 008CC000 C:\W2K3\syswow64\OLEAUT32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       RPCRT4.dll 0x7DA20000 - 7DB00000 C:\W2K3\syswow64\RPCRT4.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       SHELL32.dll 0x7C8D0000 - 7D0D4000 C:\W2K3\syswow64\SHELL32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       SHLWAPI.dll 0x007E0000 - 00832000 C:\W2K3\syswow64\SHLWAPI.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       USER32.dll 0x7D930000 - 7DA00000 C:\W2K3\syswow64\USER32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       WINSPOOL.DRV 0x73070000 - 73097000 C:\W2K3\system32\WINSPOOL.DRV First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       WindowHistory.exe 0x00400000 - 0072B000 C:\dmitri\WindowHistory\Debug\WindowHistory.exe First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       comctl32.dll 0x7DBD0000 - 7DCD3000 C:\W2K3\WinSxS\WOW64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       comdlg32.dll 0x762B0000 - 762FA000 C:\W2K3\syswow64\comdlg32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       kernel32.dll 0x7D4C0000 - 7D5F0000 C:\W2K3\syswow64\kernel32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       msvcrt.dll 0x77BA0000 - 77BFA000 C:\W2K3\syswow64\msvcrt.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       ntdll.dll 0x7D600000 - 7D6F0000 C:\W2K3\system32\ntdll.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       ole32.dll 0x77670000 - 777A4000 C:\W2K3\syswow64\ole32.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0
       tsappcmp.dll 0x71C20000 - 71C32000 C:\W2K3\system32\tsappcmp.dll First time recorded: 16:52:23:93 Unloaded: 16:53:7:0

ProcessHistory64.exe (64-bit):

PID: 8bc Process name: WindowHistory.exe
Parent PID: 8c0
First time recorded: 16:52:24:46

Finished: 16:53:7:0
Threads:

       TID: 488 First time recorded: 16:52:26:46 Finished: 16:52:40:0
       TID: 96c First time recorded: 16:52:24:46 Finished: 16:53:7:0
       TID: b58 First time recorded: 16:52:47:406 Finished: 16:53:1:578

Modules:

       WindowHistory.exe 0x0000000000400000 - 000000000072B000 C:\dmitri\WindowHistory\Debug\WindowHistory.exe First time recorded: 16:52:24:46 Unloaded: 16:53:7:0
       ntdll.dll 0x0000000078EC0000 - 0000000078FF9000 C:\W2K3\system32\ntdll.dll First time recorded: 16:52:24:46 Unloaded: 16:53:7:0
       wow64.dll 0x0000000078BE0000 - 0000000078C26000 C:\W2K3\system32\wow64.dll First time recorded: 16:52:24:46 Unloaded: 16:53:7:0
       wow64cpu.dll 0x0000000078B80000 - 0000000078B89000 C:\W2K3\system32\wow64cpu.dll First time recorded: 16:52:24:46 Unloaded: 16:53:7:0
       wow64win.dll 0x0000000078B90000 - 0000000078BDA000 C:\W2K3\system32\wow64win.dll First time recorded: 16:52:24:46 Unloaded: 16:53:7:0

Hints:

• ProcessHistory.exe can only log module information from 32-bit applications and ProcessHistory64.exe can only log module information other than WOW64, from 64-bit applications. Therefore, if you know that your application is 64-bit, you must use ProcessHistory64.exe, otherwise use ProcessHistory.exe.

• If you want to know window relationships and trace messages in addition to process and thread information on 32-bit platforms (or on 64-bit platforms when your application is 32-bit) run WindowHistory.exe and MessageHistory.exe simultaneously with ProcessHistory.exe.

• If you want to know window relationships and trace messages in addition to process and thread information on 64-bit platforms and your application is 64-bit run WindowHistory64.exe and MessaheHistory64.exe simultaneously with ProcessHistory64.exe.

Installing ProcessHistory

Download the archive to a local workstation, unzip and run the application from a command prompt or from within a session.

Uninstalling ProcessHistory

To uninstall this utility, delete ProcessHistory.exe and ProcessHistory64.exe

Disclaimer

These software applications are provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.

This document applies to:

Presentation Server 4.0 for Microsoft Windows 2003

Comment	Posted
Please host this useful tool somewhere else, it is SUCH a pain to use this citrix stuff, they even require javascript :(	May 1, 2007 by zorozoro
Please host this useful tool somewhere else, it is SUCH a pain to use this citrix stuff, they even require javascript :(	May 1, 2007 by zorozoro

Knowledge Center

Products

XenApp

XenApp Plugins (Clients)

XenServer

XenDesktop

NetScaler Application Delivery

Access Gateway

EdgeSight

Provisioning Server

WANScaler

Password Manager

>> View All Products

Does it work with Citrix? Verify it - introducing the new Citrix Ready Community Verified

Knowledge Resources