These free tools have existed in developers tool-belt for decades. You can only go so far with the in-built Task Manager. On Windows platform, there are times when one has to troubleshoot problems related to file access, registry access, locks, CPU usage, memory usage etc. Sadly, uninstalling it required a reboot, no doubt to remove its old fashioned hooks into Explorer.Īfter the reboot, I tried to copy my innocent little text file again.Sysinternals Tools - Process Explorer and Process Monitor I decided that I didn’t really need TortoiseCVS installed and decided to try uninstalling it. Now for those of you who just knee-jerked into “why on earth are you using CVS?!?”, calm down! This is a story, and I’m telling the story. That was the only visible difference of significance in the logs. After the FileOperationPrompt references on my second machine, there was no reference to TortoiseCVS. Here’s what it looked like on the other machine: That’s right, I had a program called TortoiseCVS installed on this machine which hooked into Explorer in a variety of ways. I then compared the two logs. After scrolling back and forth around the many references to test.txt, I saw that on my dev machine, there was an additional interaction, right before the point where the prompt dialog was presented: I decided to also capture a trace on a machine where UAC prompting worked. This reduced the log considerably and made it easier to spot differences (my screen capture below shows the filtering after it was reset, however - I forgot to capture the filtered trace, sorry). You can see below two of the highlighted test.txt lines.īecause there was a lot going on, I filtered out a lot of Operations that I thought were not relevant, such as CloseFile, RegCloseKey, RegQueryKey, ReadFile and WriteFile, among others. This made it easy to spot nearby interactions that may have been related, even if they didn’t directly reference the test.txt file itself. I searched for the name of my text file ( test.txt), and used Procmon’s Highlight tool to highlight every reference to it in the Path column. All those secret coded winks and nose scratches that told Explorer to fob off any attempts to trigger a UAC prompt. Here’s what I was presented with in the Procmon log. I could have dragged and dropped, it would have had the same effect.īut now, with procmon, I had captured the communication that went on behind the scenes. I didn’t think the clipboard was at fault because all other UAC-required file operations also failed silently. I used the clipboard Ctrl C and Ctrl V to copy and paste (or attempt to paste) the file. It was just an innocent little text file, but Explorer of course acted like a Buckingham Palace Guard and silently and stolidly ignored its existence. Then I went ahead and tried to copy a file into C:\Program Files (x86). Note that all those Exclude filters are default filters setup by Procmon to exclude itself and its friends, removing that confusion from the logs. I wasn’t sure if Consent.exe was involved in the problem (Consent.exe being the UAC elevation prompter), but it wouldn’t hurt to include it to start with. But for some reason, it hadn’t crossed my mind until today that I could apply Procmon to this problem.įirst, I configured Procmon to filter all events except for those generated by Explorer.exe and Consent.exe. I use Process Monitor, Procmon for short, all the time to solve problems big and little. It was time to pull out Process Monitor out of my toolbox again! Process Monitor is a tool from the SysInternals Suite by Microsoft that monitors and logs details on a bunch of different operations on your computer. But today I finally got fed up.Īfter a quick search for the symptoms on Dr Google returned no results of significance, I decided I needed to trace the cause myself. So I’d always treated put this issue into my “too busy to solve this now” basket. My UAC settings were the Windows defaults. This led to all sorts of issues, from being unable to delete certain files - they’d just obstinately sit there, no matter how much I pressed that Del key - to trying to move folders containing a hidden Thumbs.db file and being unable to move the folder. One of my dev machines has long had a weird anomaly where file operations in Explorer that should prompt for UAC, such as copying a file into C:\Program Files, would instead silently fail.
0 Comments
Leave a Reply. |