Windows
 
Mac
 
Linux
 
iPhone
 
iPad
 
Android

RSS Feed

Please wait while my feed loads

See more posts...

Newsletter

Subscribe to either one of our two newsletters for regular updates and information

Downloads newsletter

This is a weekly newsletter with download news, updates and other information

This is a monthly newsletter with software store information, offers and deals

wtrace 1.3

A command-line process monitor

by Mike Williams

Our Rating:
Your Rating:
Login to rate
Based on 0 ratings
License: Freeware
Operating Systems: Windows 10, Windows 7 (32 bit), Windows 7 (64 bit), Windows 8
Requirements:
Languages: English
Software Cost: Free
Date Updated: 19 March 2017
Watchlist: Add download to my watchlist
Downloads To Date: 72
Developer: Sebastian Solnica
RSS News Feed: https://github.com/lowleveldesign.atom
Back up your data with Acronis True Image 2016 with a 1-PC LIFETIME license, only $34.99, saving 50%, from store.pcauthority.com.au
wtrace
A command-line process monitor

Wtrace is an open-source command line monitor which displays the file I/O, TCP/IP, ALPC and RPC actions (local and remote procedure calls) for a specific process.

Usage is simple, in theory at least. At a minimum, you can run the program from an elevated command line with the name of the process image - wtrace outlook.exe - and it displays file creates, reads, writes, closes, thread starts, procedure calls and more. Monitoring stops when the process closes or you press Ctrl+C.

One issue we noticed immediately is wtrace refused to monitor most processes when specified by name, giving the utterly useless non-specific error code 0x80004005. If you see the same, the workaround is to use the process ID instead (grab it from the PID column in Task Manager and enter something like wtrace 8012).

Once we'd got the program working, it ran without any issues. Actions were displayed in real time at the command line, like this.

1134,4316 (1072) FileIO/Create 'C:\' (0xFFFFFA801D789CA0) rw-
1135,2725 (1072) FileIO/Create 'C:\Windows\Prefetch\MSPAINT.EXE-B4A5B5E8.pf' (0xFFFFFA8023E185A0) ---
1135,5118 (1072) FileIO/Create 'C:\Windows' (0xFFFFFA8023E185A0) rw-
1135,5514 (1072) FileIO/Create 'C:\Windows\SYSTEM32\wow64.dll' (0xFFFFFA801D789CA0) rw-
1135,8384 (1072) FileIO/Close 'C:\' (0xFFFFFA801D789CA0)

When we closed the process, wtrace displayed summaries of various actions. For example, a === TCP/IP === section listed all detected connections with the source and destination IPs, and the total bytes sent and received.

You can take the program further with standard redirect and other tricks. Use - wtrace 14200 > log.txt - to save the output to disk, or use it with Findstr to filter it for specific text.

v1.3 changes:

Powershell support
More consistent output to make filtering easier - summary is printed as summary events

Verdict:

Process Monitor will be a better monitoring choice for most users, as it records more actions, has built-in filtering and a GUI for ease of use. But if you need a command line tool, RPC and ALPC reports or summaries for TCP/IP and other actions, wtrace could be handy too. Give it a try.

Your Comments & Opinion
 
Related Download Articles
 
Process Monitor

Process Monitor 3.33

Freeware

Find out exactly what the programs running on your PC are doing

Process Lister

NoVirusThanks Process Lister 1.2

Freeware

View & manipulate Windows processes

MultiMon

MultiMon Home Edition 3.00

Free, for personal-use only

Monitor file activity, Registry changes, more

Windows Service Master 1.0

Windows Service Master 1.0

Freeware

Find out more about the Windows services and drivers on your PC

Other Download Articles From This Category
Auslogics Disk Defrag Portable

Auslogics Disk Defrag Portable 7.1.5.0

Free, for personal-use only

Keep your hard drive in top condition with this powerful disk defragmentation tool

Auslogics Disk Defrag 7.1.5.0

Auslogics Disk Defrag 7.1.5.0

Free, for personal-use only

Keep your hard drive in top condition with this powerful disk defragmentation tool

Tablacus Explorer

Tablacus Explorer 17.7.26

Open Source

Browse your hard drive with this tabbed file manager

OutlookAttachView (64-bit)

OutlookAttachView 3.05 (64-bit)

Freeware

View your Outlook attachments, and clean up any you don't need

PC & Tech Authority Software News

Please wait while my feed loads

See more posts...

 

Spotlight: Free Full Software

WhatsApp Messenger 2.17.41

Free Full Commercial Software

WhatsApp Messenger is the world's most popular instant messaging app for smartphones.

You can use it to send and receive text and voice messages, photos, videos, even call your friends in other countries, and because it uses your phone's internet connection it might not cost you anything at all (depending on whether you'll pay data charges).

It's easy to set up and use. There's no need to create and remember new account names or pins because it works with your phone number, and uses your regular address book to find and connect you with friends who use WhatsApp already.

You can talk one-to-one or in group chats, and because you're always logged in there's no way to miss messages. Even if your phone is turned off, WhatsApp will save your messages and display them as soon as you're back online.

There's plenty more (location sharing, contact exchange, message broadcasting) and the app is free for a year, currently $0.99/ year afterwards.

What's New in Version 2.17.41

• Pin chats to the top of your chat list, so you can quickly find them. Just swipe right on a chat and tap the pin icon.
• You can now send documents of any type. To send a document, open a chat, tap attach — document. 
• When you receive multiple photos, you can now tap and hold on the group of photos to quickly forward or delete all of them.

[...]
Value:
Free
Rating: