Skip to end of metadata
Go to start of metadata

from:  Windows Sysinternals

Overview

  • Real-time display of all local file and registry activity, some network activity, by process

  • Filter on any element of captured activity, ex:  by process, file path, registry key name

  • Save any captured output

  • Combination of previous tools File Monitor and Registry Monitor

Screenshots

 

How to use Process monitor

You can activate the following traces:

 Registry: Logs all Registry operations and displays Registry paths using conventional abbreviations for Registry root keys (e.g. HKEY_LOCAL_MACHINE is represented as HKLM).

  File system:  Displays file system activity for all Windows file systems, including local storage and remote file systems.

 Process: Tracks all process and thread creation and exit operations as well as DLL and device driver load operations.

  Network: Traces and records TCP and UDP activity using Event Tracing for Windows (ETW). Each network operation includes the source and destination addresses, as well as the amount of data sent or received, but does not include the actual data.

 Profiling: Scans all the active threads in the system and generates a profiling even for each one that records the kernel and user CPU time consumed, as well as the number of context switches executed, by the thread since its previous profiling event. Note: the System process is not included in profiling.

Download

From Windows Sysinternals
Run Process Monitor now from Live.Sysinternals.com

Requirements / Dependencies

Windows XP, SP2 and higher.
Windows Server 2003, SP1 and higher.

Additional Resources

Official product page
Windows Sysinternals Administrator’s Reference

 

  • No labels