Process Monitor is a Windows Sysinternals monitoring utility. It is used to diagnose certain software and compatibility issues.
- Process Monitor is an advanced monitoring tool that shows real-time file system, registry and process activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds a number of other enhancements.
- Process Monitor can be used to track system and software activity to troubleshoot some product issues, especially when it is necessary to track which application or process accesses a file or a registry key.
- The main Process Monitor window lists all system operations along with their exact time, process name, ID and the result of each operation.
- To access advanced information on any single operation, right-click on the operation line and choose Properties.
- When analyzing a Process Monitor log, it is recommended to filter out entries. For example, you can right-click on Successes under Results and exclude it. You can also filter out Processes and, in general, any field you like.
Whenever it is necessary to get information on the exact process/application that changes or creates a file/registry key or accesses a path on the local drive, please do the following:
- Download Process Monitor from the Windows Sysinternals page, extract it and run it.
- Reproduce the issue without closing the utility.
- Click File -> Save in the main Process Monitor window.
- Note the path where the log file is saved, so that you will be able to find it.
- Select All events and save the log file in the PML format.
- Please make sure to copy the logfile.PML into a ZIP file, as it becomes significantly smaller.
The latest version of the Process Monitor utility is always available at Microsoft TechNet Sysinternals Download Page.
Process Monitor can be run on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, Windows Vista, Windows Server 2008, Windows 7 as well as x64 versions of Windows XP, Windows Server 2003 SP1, Windows Vista, Windows Server 2008, Windows 7.
You can open PML files only with Process Monitor itself.
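Added example (not part of the original article or of Sysinternals): if the log is additionally saved in CSV format, which the Save dialog offers alongside PML, the filtering described above (which process touched a path, with successful results excluded) can be repeated outside Process Monitor. The column names are assumed to be the default CSV layout, and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the assumed default CSV column layout (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000","app.exe","4120","CreateFile","C:\ProgramData\Vendor\settings.ini","SUCCESS","Desired Access: Generic Write"
"10:15:01.1000400","app.exe","4120","WriteFile","C:\ProgramData\Vendor\settings.ini","SUCCESS","Offset: 0, Length: 212"
"10:15:02.3000000","updater.exe","5312","CreateFile","C:\ProgramData\Vendor\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:15:02.3500000","updater.exe","5312","RegSetValue","HKLM\SOFTWARE\Vendor\Config\Mode","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:15:03.0000000","explorer.exe","2044","CreateFile","C:\Users\Public\desktop.ini","NAME NOT FOUND","Desired Access: Generic Read"
"10:15:03.2000000","app.exe","4120","RegOpenKey","HKLM\SOFTWARE\Vendor\Config","NAME NOT FOUND","Desired Access: Read"
'''

# Operations that change a file or registry key (a subset of Process Monitor operation names).
MODIFYING_OPS = {"WriteFile", "RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue"}


def load_events(text):
    """Parse CSV text into a list of dicts keyed by column name (a leading BOM is dropped)."""
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff"))))


def who_touched(events, path_fragment, exclude_results=(), only_ops=None):
    """Group matching events by (process name, PID).

    path_fragment: case-insensitive substring of the Path column.
    exclude_results: Result values to drop, e.g. ("SUCCESS",).
    only_ops: if given, keep only these Operation values.
    """
    needle = path_fragment.lower()
    hits = defaultdict(list)
    for ev in events:
        if needle not in ev["Path"].lower():
            continue
        if ev["Result"] in exclude_results:
            continue
        if only_ops is not None and ev["Operation"] not in only_ops:
            continue
        hits[(ev["Process Name"], int(ev["PID"]))].append((ev["Operation"], ev["Result"]))
    return dict(hits)


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print("Non-successful access under 'vendor':")
    for proc, ops in who_touched(events, "vendor", exclude_results=("SUCCESS",)).items():
        print(" ", proc, ops)
    print("Processes that modified something under 'vendor':")
    for proc, ops in who_touched(events, "vendor", only_ops=MODIFYING_OPS).items():
        print(" ", proc, ops)
```

To run it against a real export, read the file with `open(path, encoding="utf-8-sig").read()` and pass the text to `load_events`.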