Process monitor sysinternals how to

To keep the documentation simple, I’ve used the easiest example so that an end-user understands clearly how to efficiently track registry and file system events using Process Monitor and generate the log file. Also, don’t forget to compress (.zip) the log file first. If you’re going to send me a Process Monitor log, make sure you enable the All Events option when saving the log file. Look at the graphic below. You certainly want to zip the log file before sending it to someone.

Editor’s note: I usually suggest my clients save the log with the All events option so that the diagnosis can be more accurate.

Right-click on the Logfile.PML file, click Send To, and choose Compressed (zipped) folder.

Select Native Process Monitor Format (PML), specify the output file name and path, and save the file.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity.

In the Process Monitor window, select the File menu and click Save.

So change the setting, hit Apply on the dialog. Right now the setting is on, and the key is set to 0. Take a look at the setting, and then take a look at the key. Now we need to make sure that this is actually the right key, which is pretty easy to figure out.

The solution would be to simply run Notepad elevated (right-click and choose “Run as Administrator”) to be able to write to the HOSTS file successfully. Process Monitor will open up the Registry Editor and highlight the key in the list.

Solution: The log file above tells us that Notepad encountered an ACCESS DENIED error when writing to the HOSTS file.

You need to do all that as quickly as you can. This is to prevent Process Monitor from recording other unneeded data (which makes the analysis part more difficult). Similarly, turn off capturing as soon as you finish reproducing the problem. Reproduce the problem while Process Monitor is capturing. Go to File and check (enable) Capture Events.

Go to File and uncheck (disable) Capture Events. Important: Don’t take much time to reproduce the problem after enabling capturing. Once installed, run Process Monitor with Administrator rights (ProcMon.exe).