PROCESS MONITOR - Using (procmon.exe) to debug Windows XP Problems



#1 Ztruker

Posted 17 August 2009 - 07:34 PM

Process Monitor (procmon.exe) by Mark Russinovich and Bryce Cogswell is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It's an excellent tool for understanding what is happening when something doesn't work right. Things like:
  • Empty Add or Remove Programs window
  • Can't install or Uninstall software
  • Excessive hard drive activity
Download the latest Process Monitor here: http://technet.micro...s/bb896645.aspx

Unzip it to C:\Windows\temp, then open a Run window by pressing WinKey+R. Copy and paste the following in the Run box then press the Enter key:

c:\windows\temp\procmon.exe /NoConnect /NoFilter

Know exactly what you have to do to recreate the problem, then in the Process Monitor window click on File then Capture Events.
This will start the recording process.

>>> Immediately perform the steps necessary to recreate the problem <<<

As soon as you have done this, click on File then Capture Events again to stop the collection process.
Once that completes, click on File then Save. Select All Events and PML format. Save it to C:\Windows\temp.
Zip the file and upload it here using the Browse and Upload buttons below the text input area.
Once uploaded, click on Manage Current Attachments and click on the first icon to paste a link to your uploaded file in your post.

Anyone working with you can download the file, unzip it and import it into Process Monitor to examine it and look for problems.

Edited by Ztruker, 03 December 2010 - 08:33 PM.

Rich
 

Die with memories, not dreams. – Unknown
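
A triage pass over a capture made with the steps in the post above, as an added example that is not part of the original thread. It assumes the capture was also saved in CSV format (the post saves PML) with Process Monitor's default columns; the sample rows, the `ROUTINE` set and the function names are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed rows in the column layout of a Process Monitor CSV export;
# every value is invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:34:01.1000000 PM","rundll32.exe","1820","CreateFile","C:\WINDOWS\system32\appwiz.cpl","SUCCESS","Desired Access: Read"
"7:34:01.2000000 PM","rundll32.exe","1820","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall","ACCESS DENIED","Desired Access: Read"
"7:34:01.3000000 PM","rundll32.exe","1820","RegQueryValue","HKLM\Software\ExampleApp\DisplayName","NAME NOT FOUND","Length: 144"
"7:34:01.4000000 PM","explorer.exe","1504","RegQueryValue","HKCU\Software\ExampleApp\Setting","BUFFER OVERFLOW","Length: 12"
"7:34:01.5000000 PM","rundll32.exe","1820","RegEnumKey","HKLM\Software\ExampleApp","NO MORE ENTRIES","Index: 3"
"7:34:02.0000000 PM","msiexec.exe","2210","CreateFile","C:\WINDOWS\Installer\example.msi","ACCESS DENIED","Desired Access: Generic Read"
'''

# Results treated as routine noise (an assumption; tune for the problem at hand).
ROUTINE = {"SUCCESS", "BUFFER OVERFLOW", "NO MORE ENTRIES", "END OF FILE"}


def load_events(text):
    """Parse CSV export text into dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff"))))


def failures(events, process=None):
    """Keep events with a non-routine Result, optionally for one process."""
    keep = []
    for ev in events:
        if ev["Result"].strip().upper() in ROUTINE:
            continue
        if process and ev["Process Name"].lower() != process.lower():
            continue
        keep.append(ev)
    return keep


def summarize(events):
    """Count (process, result) pairs and collect ACCESS DENIED paths."""
    counts = Counter((e["Process Name"], e["Result"]) for e in events)
    denied = [e["Path"] for e in events if e["Result"] == "ACCESS DENIED"]
    return counts, denied


if __name__ == "__main__":
    counts, denied = summarize(failures(load_events(SAMPLE_CSV)))
    for (proc, result), n in counts.most_common():
        print(f"{n:3d}  {proc:14s} {result}")
    for path in denied:
        print("ACCESS DENIED:", path)
```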


#2 Betatester


Posted 09 January 2016 - 02:00 AM

Why not run Process Monitor on my Win X? I switch off Avast but nothing.

Windows XP Pro SP3

 

qqmk64.jpg

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="Procmon.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="Procmon.exe" SIZE="2046608" CHECKSUM="0x31B83D95" BIN_FILE_VERSION="3.20.0.0" BIN_PRODUCT_VERSION="3.20.0.0" PRODUCT_VERSION="3.20" 
FILE_DESCRIPTION="Process Monitor" COMPANY_NAME="Sysinternals - www.sysinternals.com" PRODUCT_NAME="Sysinternals Procmon" FILE_VERSION="3.20" ORIGINAL_FILENAME="Procmon.exe" INTERNAL_NAME="Procmon" LEGAL_COPYRIGHT="Copyright © 1996-2015 Mark Russinovich" 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1FBD80" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.20.0.0" UPTO_BIN_PRODUCT_VERSION="3.20.0.0" LINK_DATE="05/26/2015 00:37:43" 
UPTO_LINK_DATE="05/26/2015 00:37:43" VER_LANGUAGE="Englisch (USA) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="1067008" CHECKSUM="0xD3859AE" BIN_FILE_VERSION="5.1.2600.6532" BIN_PRODUCT_VERSION="5.1.2600.6532" PRODUCT_VERSION="5.1.2600.6532" 
FILE_DESCRIPTION="Client-DLL für Windows NT-Basis-API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Betriebssystem Microsoft® Windows®" FILE_VERSION="5.1.2600.6532 (xpsp_sp3_qfe.140312-0419)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" 
LEGAL_COPYRIGHT="© Microsoft Corporation. Alle Rechte vorbehalten." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x10EBEB" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.6532" UPTO_BIN_PRODUCT_VERSION="5.1.2600.6532" 
LINK_DATE="03/12/2014 10:48:40" UPTO_LINK_DATE="03/12/2014 10:48:40" VER_LANGUAGE="Deutsch (Deutschland) [0x407]" />
</EXE>
</DATABASE>


Edited by Betatester, 09 January 2016 - 02:03 AM.
