我试图找出在安装 msi 包期间是否发出了任何 http 请求。在我看来,发出 http 请求的过程与执行安装程序的过程没有任何血缘关系。
例如,我安装了一个在安装过程中进行 http 调用的应用程序。使用 SysInternals 进程监视器,我看到安装开始时创建的进程。使用 MS NetworkMonitor,我可以看到用于生成 http 请求的过程。事后在Process Monitor中过滤显示http进程和install进程之间没有关系。
我在想,无论何时发出 http 请求,操作系统都会以某种方式说要使用新进程。我最重要的要求是我能够将一个与另一个相关联,以便明确地说“此应用安装在安装期间调用了这些 http 资源”。所以我不必完全理解这一切在幕后是如何运作的,但是,我现在处于停滞状态。我得出的结论是,没有办法将两者联系起来。我错了吗?
Okay, let's assume that msiexec.exe invokes a helper and that helper invokes whatever is causing the HTTP traffic. Right after the first helper spawns the child it kills itself. This process is too short-lived to normally see the relationships here.
Enter the "Process Tree" feature of Process Monitor. Keep Process Monitor running without any filters on process events. After you are done you can then press Ctrl+T to see the Process Tree (see below).
The grayed icons tell you the process is not active anymore. Furthermore the last column is the end time of the process. But best of all you can see which process created which other process from this, even for very very short-lived processes.
Mark Russinovich, author of Process Monitor and its predecessors, demonstrated this at TechEd about a month ago.
Although this may not answer the question entirely, it should get you going in the right direction. After all Process Monitor also includes network activity filtering (albeit crude, compared to Network Monitor and Wireshark :)).
btw: the green bar in the above screenshot is the "timeline" where you can see the runtime of the process in relation to other processes. Very nifty.
您是否使用自定义操作来发出 Web 请求?Windows Installer 服务进程在与您的主设置实例不同的 MSIEXEC 实例中运行自定义操作。
更多信息在这里:http: //blogs.msdn.com/b/astebner/archive/2005/03/02/384088.aspx