Kieranread
This is as simple as I can make it:
Process Monitor Simple:
INSTALL
Download Process monitor (.zip) from here:
http://technet.microsoft.com/en-au/sysi ... 96645.aspx
extract the zip file to a folder of your choice, and right click (run as administrator) on Procmon.exe to launch the tool.
RUN
To stop or start data capture use CTRL + E or "FILE capture Events"
Do this BEFORE starting TS 2013
Minimise to Task Bar
Start TS 2013 as normal run the scenario as usual
Wait until it crashes (note time exactly)
Maximise Process Monitor
STOP DATA CAPTURE
Stop Data Capture – CTRL + E again
FILTER
Now we need to Filter the Results
You can filter information in two ways. I will describe only one method, as to me it’s the simplest:
Select FILTER\FILTER from the menu
• Select “Process Name” from the Column list box
• Select “is” from the Relation list box
• Type “Railworks.exe” in the Value text box
• Select “Include” from the Action list box
• Click on the Add button
• Click on Apply and OK
Now, we know we are NOT looking (INITIALLY – will put back later) for a registry issue so look at the data list and right click on any of the following and choose "EXCLUDE":
RegOpenKey”, RIGHT click “Exclude”, and click “Operation”.
Repeat this process for the other registry values:
RegQueryValue,
RegCloseKey, and
RegEnumValue.
RegSetInfokey and do this for any value prefixed reg
We can filter these back in later if needed.
This filter is not definitive later down the track I will refine it further but at the moment it gives the info we are after. Removing some of the filters removes all of the data and that's not good, eg all the Windows entries!! The antivirus entries should be checked to make sure they are not the culprit.
Now only entries pertaining to Railworks.exe will be displayed.
Now Select "FILE" and SAVE and choose the path and name that you want saved it will be saved as a pml file that process monitor can identify.
DATA ANALYSIS
Now let us look at the data:
Knowing the time of the crash scroll to the bottom of the data (which is where the crash which will take some time and note any error message(s) at the error and note this/those down.
We also need to look at the ASSETS\KUJU\RAILSIMULATOR entries
Select EDIT then FIND and type in the box and type in Assets\kuju\railsimulator and press find.
Scroll down these entries – there will be a lot – Looking in the RESULT Column for the entries
Access Denied,
Sharing Violation,
Name Collision,
Privilege not held,
(and possibly Buffer too small, Buffer overflow, Network errors (maybe) and so on.)
Any other entries are usually not significant.
When you reach the last entry in this block use FIND\FIND\FIND NEXT to start the next search and repeat until the end of the file.
Note any of the above errors and what they pertain to.
If you have time, check all the entries in the RESULTS column for the errors listed above.
It is time consuming and tedious but I wanted to include all possible errors and did not want to filter out stuff that might be useful.
I would hope that we will see a definitive error that is causing the problem – if not we’ll bring back the registry entries only and analyse them.
NOTE: On some routes Procmon and TS2013 use a lot of RAM and may bring the process to a halt so choose a route that is not too complex if possible.
Get back to me if there is anything you are not sure of.
pH
