Process Monitor
Encyclopedia
Process Monitor is a free tool from Windows Sysinternals, part of the Microsoft TechNet
website
. The tool, as an alternative to Windows Task Manager
, monitors and displays in real-time all file system activity on a Microsoft Windows
operating system. It combines two older tools, FileMon and RegMon and is used in system administration, computer forensics
, and application debugging.
Process Monitor monitors and records all actions attempted against the Microsoft Windows
Registry
. Process Monitor can be used to detect failed attempts to read and write registry keys. It also allows for filtering on specific keys, processes, process IDs, and values. In addition it shows how applications use files and DLL
s, detects some critical errors in system file
s and more.
and Bryce Cogswell, employed by Nu-Mega Technologies
and later SysInternals
prior SysInternals being bought out by Microsoft
in 2006.
The two tools were combined to create Process Monitor
. Early versions of Process Monitor (up to version 2.8) ran on Windows 2000 SP4 with Update Rollup 4 . The current version only runs on Windows XP with the latest service pack and above.
of "File" and "Monitor") — was a free utility for 32/64-bit Microsoft Windows
operating systems which provided users with a powerful tool to monitor and display file system activity.
FileMon is no longer supported.
usage.
RegMon is no longer supported.
Microsoft TechNet
Microsoft TechNet is a Microsoft program and resource for technical information, news, and events for IT professionals. Along with a website, they also produce a monthly subscription magazine titled "TechNet Magazine"....
website
Website
A website, also written as Web site, web site, or simply site, is a collection of related web pages containing images, videos or other digital assets. A website is hosted on at least one web server, accessible via a network such as the Internet or a private local area network through an Internet...
. The tool, as an alternative to Windows Task Manager
Windows Task Manager
Windows Task Manager is a task manager application included with the Microsoft Windows NT family of operating systems that provides detailed information about computer performance and running applications, processes and CPU usage, commit charge and memory information, network activity and...
, monitors and displays in real-time all file system activity on a Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system. It combines two older tools, FileMon and RegMon and is used in system administration, computer forensics
Computer forensics
Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media...
, and application debugging.
Process Monitor monitors and records all actions attempted against the Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
Registry
Windows registry
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user...
. Process Monitor can be used to detect failed attempts to read and write registry keys. It also allows for filtering on specific keys, processes, process IDs, and values. In addition it shows how applications use files and DLL
DLL
DLL may refer to:* Data link layer, a layer in the OSI network architecture model* Delay-locked loop, a device to reduce clock skew in digital circuits* Doubly linked list, a data structure in computer programming...
s, detects some critical errors in system file
System file
A system file is a computer file important to the operating system. More specifically, it may refer to:* .sys — a Microsoft Windows file extension for system-related files* The System suitcase on Mac OS* Any file marked with a "system" attribute...
s and more.
History
RegMon and its sister application Filemon were primarily created by Mark RussinovichMark Russinovich
Mark E. Russinovich is a Technical Fellow in the Platform and Services Division at Microsoft. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006.-Early life and education:...
and Bryce Cogswell, employed by Nu-Mega Technologies
Nu-Mega Technologies
NuMega Technologies was a software company founded in 1987 by Frank Grossman and Jim Moskun in Nashua, New Hampshire, USA.The company developed Kernel mode debugger, now SoftICE, for DOS and the Windows NT family....
and later SysInternals
Sysinternals
Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Originally, the Sysinternals website was created in 1996 and was operated by the company Winternals...
prior SysInternals being bought out by Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
in 2006.
The two tools were combined to create Process Monitor
Process Monitor
Process Monitor is a free tool from Windows Sysinternals, part of the Microsoft TechNet website. The tool, as an alternative to Windows Task Manager, monitors and displays in real-time all file system activity on a Microsoft Windows operating system...
. Early versions of Process Monitor (up to version 2.8) ran on Windows 2000 SP4 with Update Rollup 4 . The current version only runs on Windows XP with the latest service pack and above.
FileMon
FileMon (from a concatenationConcatenation
In computer programming, string concatenation is the operation of joining two character strings end-to-end. For example, the strings "snow" and "ball" may be concatenated to give "snowball"...
of "File" and "Monitor") — was a free utility for 32/64-bit Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating systems which provided users with a powerful tool to monitor and display file system activity.
FileMon is no longer supported.
RegMon
The regmon utility from Sysinternals provided forensics on Windows RegistryWindows registry
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user...
usage.
RegMon is no longer supported.