Questions tagged [procmon]

Process Monitor is a free advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It offers non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. It can be used to troubleshoot problems such as application errors, hangs and sluggish performance. It is also used by some to find malware.

Application site: http://technet.microsoft.com/en-ca/sysinternals/bb896645.aspx

"Case of the Unexplained" webcasts from Mark Russinovich showing how to use Process Monitor and other Sysinternals tools to troubleshoot problems: http://technet.microsoft.com/en-us/sysinternals/bb963887#case

48 questions

65 votes, 1 answer

Why I can not find "Debug Managed Memory" on Actions menu?

Why I can not find "Debug Managed Memory" on Action menu as described at this MSDN article: Analyze .NET Framework memory issues? My Visual Studio: How it is supposed to look:
Vinicius Rocha

10 votes, 2 answers

How can I log low-level OS file transactions in C#?

Since File/Process Monitor falls short in terms of filtering and unnecessary duplication when logging, I want to recreate what that program does and log all Windows file operations live in realtime. I want to record various attributes such as the…
Dan W

6 votes, 1 answer

How do I filter procmon results on time-of-day?

Filtering procmon results on time-of-day does not work as one would expect. Suppose the results show a line with time-of-day "7:44:26.4065994 AM". If you filter on 'Time of Day' begins with '7:44:26', all results are filtered out. If you filter on…
NoBrassRing

6 votes, 1 answer

Writing to a FileStream behaves strangely, as observed by process monitor

I'm using FileStream to write to a file, and watching the underlying system calls using Process Monitor. I'm having trouble with some file locking issues in a production deployment, so I'm looking at the details closely. This sample code: …
TheSoftwareJedi

5 votes, 3 answers

*.pyd file fails to load, but DependancyWalker comes up clean, and ProcMon shows it loaded

I am trying to load a *.pyd with Python, but I receive the well known "Import Error: DLL load failed: the specified procedure can not be found." error. I have already done the following: 1.) Investigated the *.pyd with Dependency Walker. GPSVC.DLL…
Transformer2

4 votes, 0 answers

Understanding a sharing violation using procmon

I have a procmon trace for a build of an application (using multiple different processes) that at some point fails to write a file because it is being used by another process. The first thing I see is that the file gets deleted at the start of the…
user2460953

3 votes, 1 answer

Command line version of Procmon

I'm using Windows 7 and I'd like to monitor for new Process Create events. (i.e. get an entry for each process that's created, with full details about it.) I succeeded in doing this in Procmon, but I want to do it in the shell, and get text output…
Ram Rachum

3 votes, 2 answers

How to detect when a file is checked for in a directory?

I want to be able to programmatically (C#) detect when a program attempts to load (or otherwise access) a non-existent DLL from a directory that I control/own on Windows. I can manually accomplish this using Sysinternals Process Monitor (ProcMon).…
n00b

3 votes, 1 answer

how to disable logging in Process monitor while startup

How to Open Process monitor with logging on all logging components STOPPED. By default, it starts capturing all the logs giving no time to do CTRL + E which stops Capture Events and apply my filter. It fills virtual memory quick enough to become…
Sundar Rajan

3 votes, 1 answer

Monitoring IO like Sysinternals' ProcMon

How does the Process Monitor from Sysinternals monitor file IO activity like it does? If you enable the advanced information, you can see that calls that were previously shown as CreateFile are now shown as IRP_MJ_CREATE which suggests that it hooks…
John Zane

3 votes, 2 answers

7z file manager deletes temporary file for external editor

I am using a lot of applications from portableapps.com for work, and more particularly 7-zip portable and gVim portable. I have set 7zip's external editor to gVimPortable.exe. It works perfectly when editing a file that is not inside an archive or…
Benoit

2 votes, 1 answer

Process Monitor shows "path not found" for valid URLs

We use "Process Monitor" (ProcMon) to monitor the w3wc.exe process on a Windows Server 2008 running IIS7. We have noticed that requests to perfectly legal urls still result in a "PATH NOT FOUND" entry in ProcMon. For example, we have configured a…
Emil Lundin

2 votes, 2 answers

Sysinternals Process Monitor (ProcMon): Using wildcards on filter

I am using Sysinternals Process Monitor to debug some incoming events and now I am trying to create a filter on Path and using wildcards. What I am trying to use is to filter path which begin with c:\MyApp\MyDocuments\Temp and ends with .pdf Path…
Willy

2 votes, 1 answer

Can SysInternals' Process Monitor log when a thread blocks awaiting for an event?

I need to diagnose a server that is unable to reach peak performance. CPU usage drops to zero for around 500ms and then spikes to 100% while trying to process the queued requests, this pattern repeats during a number of hours after which the…
BlueStrat

2 votes, 2 answers

Analyzing read operation using Procmon

I am trying to analyze a basic read operation using ifstream with Procmon. Part of the code used for read operation where I was trying to read data of 16kb size from a file: char * buffer = new char[128000]; ifstream…
moooni moon