Tip

Sysinternals' Process Monitor tool tells admins all about Windows activities

Good news. Mark Russinovich continues to churn out free Windows utilities. His newest, Process Monitor, provides a detailed picture of the way things transpire inside Windows.

When Microsoft in July acquired the Sysinternals Web site of system utilities to help administrators manage, troubleshoot and diagnose their Windows systems and applications, many people worried that the Sysinternals collection of

    Requires Free Membership to View

freeware tools would no longer be free.

Happily, this has turned out not to be the case. One condition of the acquisition was that the utilities created by Russinovich would remain free for all to use. In fact, the first of these free post-acquisition utilities has appeared: Process Monitor 1.01.

Process Monitor actually eclipses the functionality of some other tools that Russinovich has written, including Filemon and Regmon.

There's lots of new features rolled into Process Monitor. It watches a Windows system for many kinds of activity, such as threads being created and terminated, image loads and unloads, and other low-level operations. It provides a highly detailed window into the way things transpire inside the operating system, and can be used for anything from casual inspection to hunting down malware.

The program can capture all the activity it observes in a log that can run to many gigabytes, so you can create highly detailed system activity logs without worrying about blowing out the limits of what the program can capture.

If you just want to narrow down the capture to a specific process or keyword, a filtering function will let you do just that. Double-click on a captured event and you'll get a detailed dump of every conceivable property associated with it, broken down across three tabs: Event, Process (as in the process associated with the given event) and Stack (which dumps out the thread stack for the thread where the event was recorded).

When you're finished capturing data, you can make sense of the results using the Trace Summary Tools. For instance, click on "Unique Values" and you can derive a quick report of all unique values that match a given selection from a drop-down menu. To see a list of all the processes that were active during the trace, you could select Process Name, then use the results to filter the trace all the more precisely. This way you can drill down through the mountain of data returned by even a very short capture operation to get exactly the details you need.

Like many other Sysinternals tools, Process Monitor requires no installation: Just unpack the program into a directory and run it. (However, the first time you run it you'll be asked to agree to a short EULA).

About the author: Serdar Yegulalp is editor of the  Windows Power Users Newsletter, which is devoted to hints, tips, tricks, news and goodies for Windows NT, Windows 2000 and Windows XP users and administrators. He has more than 10 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.

More information on this topic:

 

This was first published in November 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.