When you launch Process Monitor for the first time, you will be overwhelmed by the amount of system activity. If you sometimes wonder why your computer is slow, you will understand better once you see how many tasks a modern operating system has to perform simultaneously. To track down the cause of a malfunctioning program, it is essential that you use the powerful filter. If you already know which program is causing the problem, you can restrict Process Monitor's output to that program name. If the problem is a bit more complex, I usually enable the autoscroll feature and watch all system activity until something suspicious attracts my attention. Then I limit the output with the filter by looking for common characteristics of the processes that interest me.

Another way to reduce the output is to let Process Monitor display only registry, file system, network, process and thread, or profiling events. You can use the icons on the right side of the toolbar for this purpose.

If you limit the output to network activity, you can try one of the new features of version 2.0. Process Monitor certainly can't replace a network sniffing tool, but its filter can also be very useful for network-related troubleshooting. Enabling the Process and Thread option tracks the creation and exit of processes and threads. Profiling scans all active threads and generates statistical data, such as the user time and the kernel time of each process.

The Sysinternals blog lists three new features: by-extension and by-directory views in the File Summary dialog, a new Network Summary view, quick filtering in all the summary views, and additional IOCTL and error-result decoding. The File Summary dialog can be accessed from Procmon's Tools menu. The File Summary gives an overview of the operating system's file-related activities (see screenshot). Procmon 2.5 offers by-extension and by-directory views in addition to the by-path view found in version 2.0.

These new views are quite useful for monitoring file activity because files can be found much more easily than in the by-path view. For example, to see whether a certain directory has been accessed by an application, simply navigate to the corresponding folder in the by-directory view.
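The filtering and summarising described above can also be done offline on a saved trace, which is handy when you want to keep a record of what a suspicious process touched. The script below is an added example, not code from the article or from Sysinternals: it parses a Process Monitor CSV export, restricts it to one process name and one event class the way the toolbar icons and the filter do, and then builds the by-path, by-extension and by-directory counts that the File Summary dialog shows. It assumes the default column set Procmon writes when a trace is saved as CSV (Time of Day, Process Name, PID, Operation, Path, Result, Detail); the mapping from operation names to the five event classes is a heuristic of this example, not a documented Procmon interface, and the sample rows are constructed, not a real capture.

```python
"""Offline summariser for a Process Monitor CSV export (added example)."""
import csv
import io
import ntpath  # Windows path handling, usable on any platform
from collections import Counter

# Constructed sample export (not a real capture); paths and hosts are fictional.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0010000","notepad.exe","4120","CreateFile","C:\\Users\\demo\\notes.txt","SUCCESS","Desired Access: Generic Read"
"10:01:02.0020000","notepad.exe","4120","ReadFile","C:\\Users\\demo\\notes.txt","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.0030000","notepad.exe","4120","RegOpenKey","HKCU\\Software\\Microsoft\\Notepad","SUCCESS","Desired Access: Read"
"10:01:02.0040000","svchost.exe","900","CreateFile","C:\\Windows\\System32\\drivers\\etc\\hosts","SUCCESS","Desired Access: Generic Read"
"10:01:02.0050000","notepad.exe","4120","CreateFile","C:\\Users\\demo\\missing.ini","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:02.0060000","notepad.exe","4120","WriteFile","C:\\Users\\demo\\notes.txt","SUCCESS","Offset: 0, Length: 12"
"10:01:02.0070000","notepad.exe","4120","TCP Connect","DESKTOP:49152 -> 203.0.113.5:443","SUCCESS","Length: 0"
'''


def event_class(operation):
    """Map an operation name to one of Procmon's five toolbar classes.

    Assumption of this example: classification by operation-name prefix.
    """
    op = operation.strip()
    if op.startswith("Reg"):
        return "registry"
    if op.startswith(("TCP", "UDP")):
        return "network"
    if op.startswith(("Process ", "Thread ", "Load Image")):
        return "process"
    if op.startswith("Profiling"):
        return "profiling"
    return "file"


def parse_export(text):
    """Parse the CSV export into a list of row dicts keyed by column name."""
    return [dict(row) for row in csv.DictReader(io.StringIO(text))]


def filter_events(events, process_name=None, classes=None):
    """Keep only rows matching a process name and/or a set of event classes."""
    kept = []
    for ev in events:
        if process_name and ev["Process Name"].lower() != process_name.lower():
            continue
        if classes and event_class(ev["Operation"]) not in classes:
            continue
        kept.append(ev)
    return kept


def file_summary(events):
    """Rebuild the File Summary views: counts by path, extension, directory, result."""
    by_path, by_ext, by_dir, by_result = Counter(), Counter(), Counter(), Counter()
    for ev in events:
        if event_class(ev["Operation"]) != "file":
            continue
        path = ev["Path"]
        by_path[path] += 1
        by_ext[ntpath.splitext(path)[1].lower() or "(none)"] += 1
        by_dir[ntpath.dirname(path)] += 1
        by_result[ev["Result"]] += 1
    return {"by_path": by_path, "by_extension": by_ext,
            "by_directory": by_dir, "by_result": by_result}


def directory_accessed(events, directory):
    """Return the file events whose path lies under the given directory."""
    prefix = directory.rstrip("\\").lower() + "\\"
    return [ev for ev in events
            if event_class(ev["Operation"]) == "file"
            and ev["Path"].lower().startswith(prefix)]


if __name__ == "__main__":
    events = parse_export(SAMPLE_CSV)
    notepad_files = filter_events(events, "notepad.exe", {"file"})
    for view, counts in file_summary(notepad_files).items():
        print(view)
        for key, n in counts.most_common():
            print(f"  {n:4d}  {key}")
    hits = directory_accessed(events, "C:\\Windows\\System32")
    print("System32 touched by:", sorted({ev["Process Name"] for ev in hits}))
```

Export a real trace with File > Save in CSV format and pass its contents to `parse_export` instead of the sample; the non-SUCCESS entries in `by_result` (such as NAME NOT FOUND) are often the quickest pointer to a misconfigured or missing file when troubleshooting a misbehaving program.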