Sysinternals' Portmon: Error 2

Sysinternals' Portmon works only on 32-bit versions of Windows. It does not support 64-bit (probably its driver is not signed).

From the Portmon homepage:

• Runs on:
  • Client: Windows XP (32-bit) and higher (32-bit).
  • Server: Windows Server 2003 (32-bit) and higher (32-bit).

In Windows Explorer, right click on portmon.exe --> select Properties --> click the Compatibility tab, and Run in Windows XP compatibility mode. It works fine like that in Windows 7 64-bit.

"Error 2" is "Cannot find the file specified", that is, cannot find a required DLL file.

Originally, you got this error when you tried to run Portmon from a network location: that broke the security trust, causing Portmon to be untrusted (or perhaps just messing up the search path somehow).

On my copy of Windows 7 64 bit, Microsoft Dependency Walker (depends.exe) tells me that PORTMSYS.SYS (the file created/loaded by Portmon.exe), has unresolved dependencies on ci.dll, clfs.sys, hal.dll and kdcom.dll.

Those are the

code integrity
common log file system
hardware abstraction layer
kernel debugger com

libraries, and they aren't actually missing: if they were, Windows wouldn't boot. However, I don't see a copy of those files in SysWow64. This suggests to me that the problem is not with portman.sys: the problem is with the win32 compatibility layer in Windows 7/64 bit: It doesn't support debug properly.

It is now 2018. There is no 64-bit version of Portmon. Serial ports are a legacy standard. The Windows 7 problem was fixed by the release of Windows 8.1. However, there is a faint chance that some Visual Studio utility or security update back-ported to Windows 7 will fix the problem. Perhaps someone who is familiar with SysWow and debugging will comment.

Instead of portmon for Windows x64, you can use an emulator of a pair of virtual COM ports and a simple program that will connect the physical port and one of the virtual ones, as well as perform the logging function.

To create a pair of virtual COM ports you can use:

• com0com (preferably version "com0com-2.2.2.0-x64-fre-signed", because it contains signed x64 driver)
• Virtual Serial Ports Emulator (VSPE), every time it starts on x64 it asks to purchase a driver, but it works even if you refuse.

Simple mapping and logging program can be found e.g. here or you can write it yourself, it is simple.

The sequence of actions is follows:

• Сreate a pair of virtual COM ports using emulator (for example, COM28 and COM29)
• Let the external device be connected to the computer COM1 port. In the program, whose exchange with external device we want to listen to, we set up a port COM28 (instead of СОМ1) for communication.
• In the mapping program, we set up that we want to bind and log ports COM1 and COM29 (don't forget to set the port baud rate).

I haven't tried it yet, but this question mentions com0com. It creates two virtual serial ports and emulates a null modem cable between them. It claims to be able to run on 64 bit Windows. I'm not sure whether it comes with software that lets you just pipe input from a real port into one of the virtual ports. One of the FAQ's says that you can turn on logging.

I guess in the worst case, you could write your own small program that pipes data from a real port to one of the virtual ports and logs it all.

There's also this question on open-source alternatives that mentions a couple of projects.