by alpb 1872 days ago
Something that is really cool about Sysinternals tools is that they have a pretty usable GUI (granted, once you need to understand what each UI icon does). Mimicking this experience in the TUI/terminal would certainly be a challenge. I would love to have a Procmon and ProcessExplorer equivalent with the GUI on Linux and macOS.

i always thought of the sysinternals tools as like the missing tools that just ship with unix systems.

without them, there was no real visibility into open file descriptors, network ports, command lines for running processes, thread trees for processes or any of the rest.

the gui was always just the windows way of presenting it. bringing a gui when the rich tools already exist on linux seems ... redundant?

(seeing this brings back nightmares from windows admins who refused to install sysinternals tools on production machines)

This was my reaction as well.

I haven't used Process Monitor/Process Explorer for a while, are they bringing anything to the table that's not covered by htop? With htop, I can even start tracing a process (using strace) or list the file opened by a process (using lsof) right inside htop. As might be obvious by now, I think htop has a fantastic TUI that also fits its use case very well.

Of course there are other tools that allow deep introspection into what's really going on aside from htop. Another favorite of mine would be perf top, which uses the sampling profiling mechanism to profile the entire system (including the kernel) on a symbol/instruction level. In other words, you don't just see that 30% of CPU time is spent in /usr/bin/cpu_hog, you also see that the time is spent in some_symbol and you can jump right in and see the disassembly of some_symbol (as long as cpu_hog is not stripped).

Maybe I'm wrong, but I don't think htop can do things like: list every process which opened a certain file for read, how many bytes have been read at which offset in each case and what the threads' stack frames looked like at the time. Then revert that filter and follow some hint to some other events, e.g. what network operations did a certain process do in a certain period of time.

> With htop, I can even start tracing a process (using strace) or list the file opened by a process (using lsof) right inside htop.

Hmmm... didn't know it could do that.

Not sure about the Sysinternals, but I've found that a GUI can be quite useful for tools like these, especially when you want to do things like select multiple rows (generally fiddly with TUI interfaces) or draw more complex graphs. And, of course, a GUI usually brings all the disparate tools together into one package.

It's not quite inspired by the Sysinternals tools, but I'm working on something like this for macOS. An early beta should be released soon™ (read: when I stop procrastinating on polishing some of the last important bits I want to finish before then).