Logging calls? Process Explorer?

I have a program that crashes on load. The author, who doesn't speak very good English, said it would help if I could log the calls it's making with "a tool like sysinternals" to see what the last call is before it crashes.

I'm assuming he means Process Explorer.

First, can anyone tell me if my guess is right on this?

Second, how do you go about logging a program that crashes and thus, doesn't appear in the list of processes when you run such a tool?

Any help would be greatly appreciated.

 

I would have said Process Monitor.

Blue

 

Okay, thanks but same questions then....

 

Download the application, read the help file (look at boot logging for example), and that should get you started unless I'm missing something.

Blue

 

Thanks Blue. The problem is that, for example, this is all that is said about "Logging":

---------------------------
Logging
By default, Process Monitor uses virtual memory to store captured data. Use the Backing Files dialog, which you access from the File menu, to configure Process Monitor to store captured data in files on disk. Enabling this option has Process Monitor log data to the disk in its native PML format as it captures it.

The Backing Files dialog also displays diagnostic information, including the number of events captured, processes defined and the capture thread's load status.
---------------------------

Not exactly a font of information there to tell me how to capture calls from a program that isn't even in the list itself. I was hoping someone with first-hand experience might be on Wilder's and be willing to provide a solid example of how this is done.

 

Just execute Process Monitor and enable "Capture Events" (it's there on the toolbar, and in the File menu too) if it isn't already enabled (if it is enabled, you'll immediately start seeing a long list of stuff in the Process Monitor window). It will start capturing them, so leave it running. Then execute the program that crashes on load. If it crashes, good. Then return to the Process Monitor window and stop capturing events. Tada, there's your log, and it's probably about 150 000 lines long, too. At that point, you might want to save the log file (use the PML format so you can reload the data in Process Monitor later if you feel like it).

Then, you can play with the data, using filter/highlight to look for the processes of your crashing program to see what it's doing and ignoring the "noise" from other processes.

 

Thanks Wind. Much appreciated.