Sysinternals Process Monitor v1.0
Thursday, 09 November 2006 by Michel Roth
Following the acquisition by Microsoft, the Sysinternals tools have found a new home on Microsoft Technet. The new home has been launched with the availability of a long-awaited, excellent new tool from Sysinternals: Process Monitor v1.0. This brilliant new tool combines the invaluable capabilities of Filemon and Regmon with some of the capabilities of Process Explorer. So now you can capture all file and registry activity for any process in a single tool!

It's easy to see that this tool was written based on the feedback of the users of the Sysinternals tools. Some of the great new features of this tool:

• FINALLY you can now filter on, for example, Access Denied messages, instead of having to pick these messages out from among thousands of other entries. Basically, you can filter on anything you can imagine.
• You can filter events per session ID, making it far better suited for use in Terminal Server / Citrix environments.
• Some system events that are always present have been excluded (filtered out) by default to prevent cluttering of the results.
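The first two features above, filtering on a result such as ACCESS DENIED and narrowing by session ID, can also be reproduced offline over a saved trace. The following is an added example, not code from the article or from Sysinternals: it reads a Process Monitor CSV export (assumed to use the default export columns plus the optional "Session" column), applies non-destructive include filters, and summarises which processes were denied access to which paths, per session. The sample rows are constructed for the example.

```python
"""Triage ACCESS DENIED events from a Process Monitor CSV export, grouped by session.

Added example, not part of the original article or of Process Monitor itself.
The column layout is assumed to mirror a File > Save... CSV export with the
optional "Session" column enabled; the rows below are constructed sample data.
"""
import csv
import io
from collections import Counter, defaultdict

# Constructed sample: the default export columns plus "Session".
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Session"
"10:15:01.0001","explorer.exe","1234","RegOpenKey","HKLM\\Software\\Example","SUCCESS","Desired Access: Read","1"
"10:15:01.0002","app.exe","2048","CreateFile","C:\\Program Files\\App\\config.ini","ACCESS DENIED","Desired Access: Generic Write","2"
"10:15:01.0003","app.exe","2048","RegSetValue","HKLM\\Software\\App\\Setting","ACCESS DENIED","Type: REG_SZ","2"
"10:15:01.0004","svchost.exe","900","QueryNameInformationFile","C:\\Windows\\System32\\ntdll.dll","SUCCESS","Name: \\Windows\\System32\\ntdll.dll","0"
"10:15:01.0005","app.exe","3100","CreateFile","C:\\Program Files\\App\\config.ini","ACCESS DENIED","Desired Access: Generic Write","3"
"10:15:01.0006","app.exe","2048","CreateFile","C:\\Users\\alice\\AppData\\app.log","SUCCESS","Desired Access: Generic Write","2"
'''


def parse_procmon_csv(text):
    """Return the export as a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def filter_events(events, result=None, session=None, process=None):
    """Keep events matching every supplied criterion (None means 'any').

    Like Process Monitor's non-destructive filters, the original event list
    is left untouched; only the returned view is narrowed.
    """
    kept = []
    for ev in events:
        if result is not None and ev["Result"] != result:
            continue
        if session is not None and ev["Session"] != str(session):
            continue
        if process is not None and ev["Process Name"].lower() != process.lower():
            continue
        kept.append(ev)
    return kept


def denied_by_session(events):
    """Map session ID -> Counter of (process, operation, path) tuples that were denied.

    Repeated denials of the same path from one process usually point at a
    permissions problem on that object rather than transient noise.
    """
    summary = defaultdict(Counter)
    for ev in filter_events(events, result="ACCESS DENIED"):
        key = (ev["Process Name"], ev["Operation"], ev["Path"])
        summary[ev["Session"]][key] += 1
    return summary


if __name__ == "__main__":
    events = parse_procmon_csv(SAMPLE_CSV)
    for sess, hits in sorted(denied_by_session(events).items()):
        print(f"Session {sess}:")
        for (proc, op, path), n in hits.most_common():
            print(f"  {n}x {proc} {op} {path}")
```

Point the script at a real export by replacing SAMPLE_CSV with the file contents; the Session column must be added in Process Monitor's column selection before saving, or the session filter will have nothing to match on.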
From the new Sysinternals website:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 and Windows Vista.

Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:

• Monitoring of process and thread startup and exit, including exit status codes
• Monitoring of image (DLL and kernel-mode device driver) loads
• More data captured for operation input and output parameters
• Non-destructive filters allow you to set filters without losing data
• Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
• Reliable capture of process details, including image path, command line, user and session ID
• Configurable and moveable columns for any event property
• Filters can be set for any data field, including fields not configured as columns
• Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
• Process tree tool shows relationship of all processes referenced in a trace
• Native log format preserves all data for loading in a different Process Monitor instance
• Process tooltip for easy viewing of process image information
• Detail tooltip allows convenient access to formatted data that doesn't fit in the columns.

Download Process Monitor here.
