Process Monitor v1.0 In Depth
Saturday, 11 November 2006 by Michel Roth
Ever since the release of Process Monitor v1.0 earlier this week, blogs and articles have started to turn up on this new tool from Windows Sysinternals. One of the more informative ones is on Bleepingcomputer.com. It discusses some of the "Operations" Process Monitor can report to you and what they mean:

"Combine Filemon and Regmon and sprinkle in a little code from pslist and process explorer and the people at Sysinternals have once again created a powerful new monitoring application called Process Monitor. The before mentioned tools have a special place in my heart ever since I wrote the chapter on how to use them to monitor a computer in the Winternals: Defragmentation, Recovery, and Administration Field Guide, and having them combined into a single utility offers us a tool that is both versatile and easy to use.

What makes this tool so powerful is that you have the ability to monitor, from one application, the real-time Windows Registry, File System activity, and Process activity occurring on your computer. Now, I will admit that the information shown by the tool can be daunting and hard to understand at first, but after playing around with it a bit and reading the information below, you will see why it is such a powerful tool to use when diagnosing Windows problems ranging from malware infections to unknown disk activity.

To make your life a bit easier when it comes to understanding the output, I have put together a list of the common operations you will see in Process Monitor and their meanings. These are broken down into Registry, Process, and File System operations and are explained in the tables below. The lists below are by no means a definitive list of operations you will see when using Process Monitor, and do not include any of the advanced output operations, but they are enough to get you started using the program."

Check out the entire article here.
