none
Access Resouce Monitor (Network Actitivy) data programmatically

    Question

  • I really need to get data that is displayed in Resource Monitor on Network tab in "Network Actitivy" from my programm (I need get network activity for particular processes). Is there any programmatical way for that? M.b. API?
    Friday, January 15, 2010 10:56 AM

Answers

All replies

  • You can use ETW tracing to get all the network activity data in Resouce Monitor. The events you are looking for are TcpIp/Udp Send and Receive events.

    Here are some of the event schema.
    TcpIp_SendIPV4: http://msdn.microsoft.com/en-us/library/aa964829(VS.85).aspx
    UdpIp_IPV6: http://msdn.microsoft.com/en-us/library/aa964856(VS.85).aspx

    Some important ETW Tracing APIs are OpenTrace/CloseTrace/EnableTraceEx/ProcessTrace. You can find more info here: http://msdn.microsoft.com/en-us/library/aa364158(VS.85).aspx

    Hope this helps.

    Thursday, February 18, 2010 12:04 AM
    Answerer
  • You can use ETW tracing to get all the network activity data in Resouce Monitor. The events you are looking for are TcpIp/Udp Send and Receive events.

    Here are some of the event schema.
    TcpIp_SendIPV4: http://msdn.microsoft.com/en-us/library/aa964829(VS.85).aspx
    UdpIp_IPV6: http://msdn.microsoft.com/en-us/library/aa964856(VS.85).aspx

    Some important ETW Tracing APIs are OpenTrace/CloseTrace/EnableTraceEx/ProcessTrace. You can find more info here: http://msdn.microsoft.com/en-us/library/aa364158(VS.85).aspx

    Hope this helps.


    Very useful. Is the usage of ETW API the same or different from each other according to different versions of Windows? Do I have to research on each API on different version?
    Thursday, June 24, 2010 1:24 PM
  • Hi Michelle,

    No, the usage of ETW API is the same for XP/Vista/Windows 7. As long as it works on one version of Windows, it will work on others as well.

     

    Thursday, June 24, 2010 6:25 PM
    Answerer
  • Hi Xingchi, Micheele is just a spam bot. Mouse over the "tracing" word in the quoted reply and you will notice a hidden link is added. It is for creating a back link from Microsoft domain for promoting another web site.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP

    Monday, January 31, 2011 5:02 AM