
PROCESS MONITOR - Using (procmon.exe) to debug Windows XP Problems



#1 Ztruker


Posted 17 August 2009 - 07:34 PM

Process Monitor (procmon.exe) by Mark Russinovich and Bryce Cogswell is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It's an excellent tool for understanding what is happening when something doesn't work right. Things like:
  • Empty Add or Remove Programs window
  • Can't install or Uninstall software
  • Excessive hard drive activity

Download the latest Process Monitor here: http://technet.micro...s/bb896645.aspx

Unzip it to C:\Windows\temp, then open a Run window by pressing WinKey+R. Copy and paste the following in the Run box then press the Enter key:

c:\windows\temp\procmon.exe /NoConnect /NoFilter

Know exactly what you have to do to recreate the problem, then in the Process Monitor window click on File then Capture Events.
This will start the recording process.

>>> Immediately perform the steps necessary to recreate the problem <<<

As soon as you have done this, click on File then Capture Events again to stop the collection process.
Once that completes, click on File then Save. Select All Events and PML format. Save it to C:\Windows\temp.
Zip the file and upload it here using the Browse and Upload buttons below the text input area.
Once uploaded, click on Manage Current Attachments and click on the first icon to paste a link to your uploaded file in your post.

Anyone working with you can download the file, unzip it and import it into Process Monitor to examine it and look for problems.

Edited by Ztruker, 03 December 2010 - 08:33 PM.

Rich

Cupiditas praemium suum est (Greed is its own reward)
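
The same capture can be scripted with Process Monitor's command-line switches. This is an added example, not part of the original post: it assumes procmon.exe is in C:\Windows\temp as above, the log name repro.pml is a placeholder, and unlike the /NoConnect invocation in the post it starts capturing as soon as Process Monitor launches.

```batch
@echo off
rem Added example: scripted version of the manual capture steps.
rem Assumes procmon.exe was unzipped to C:\Windows\temp as in the post.
rem The log name repro.pml is a placeholder chosen for this example.
setlocal
set PROCMON=C:\Windows\temp\procmon.exe
set LOG=C:\Windows\temp\repro.pml

if not exist "%PROCMON%" (
    echo procmon.exe not found at %PROCMON%
    exit /b 1
)

rem Refuse to overwrite an earlier capture.
if exist "%LOG%" (
    echo %LOG% already exists - rename or delete it first.
    exit /b 1
)

rem Start capturing straight into the backing file with the filter cleared,
rem so every event is kept (equivalent to saving All Events in PML format).
start "" "%PROCMON%" /AcceptEula /Quiet /Minimized /NoFilter /BackingFile "%LOG%"

rem Block until the running instance is ready to accept commands.
"%PROCMON%" /WaitForIdle

echo Capture running. Recreate the problem now, then return to this window.
pause

rem Stop the capture; Process Monitor closes the backing file and exits.
"%PROCMON%" /Terminate

if not exist "%LOG%" (
    echo Capture failed: %LOG% was not written.
    exit /b 1
)
echo Saved %LOG% - zip it before uploading.
endlocal
```

An unfiltered capture records file paths, Registry keys and command lines from every process on the machine, so check what it contains before attaching it to a public thread.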



#2 Betatester


Posted 09 January 2016 - 02:00 AM

Why not run Process Monitor on my Win X? I switch off Avast but nothing.

Windows XP Pro SP3

 


<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="Procmon.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="Procmon.exe" SIZE="2046608" CHECKSUM="0x31B83D95" BIN_FILE_VERSION="3.20.0.0" BIN_PRODUCT_VERSION="3.20.0.0" PRODUCT_VERSION="3.20" 
FILE_DESCRIPTION="Process Monitor" COMPANY_NAME="Sysinternals - www.sysinternals.com" PRODUCT_NAME="Sysinternals Procmon" FILE_VERSION="3.20" ORIGINAL_FILENAME="Procmon.exe" INTERNAL_NAME="Procmon" LEGAL_COPYRIGHT="Copyright © 1996-2015 Mark Russinovich" 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1FBD80" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.20.0.0" UPTO_BIN_PRODUCT_VERSION="3.20.0.0" LINK_DATE="05/26/2015 00:37:43" 
UPTO_LINK_DATE="05/26/2015 00:37:43" VER_LANGUAGE="Englisch (USA) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="1067008" CHECKSUM="0xD3859AE" BIN_FILE_VERSION="5.1.2600.6532" BIN_PRODUCT_VERSION="5.1.2600.6532" PRODUCT_VERSION="5.1.2600.6532" 
FILE_DESCRIPTION="Client-DLL für Windows NT-Basis-API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Betriebssystem Microsoft® Windows®" FILE_VERSION="5.1.2600.6532 (xpsp_sp3_qfe.140312-0419)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" 
LEGAL_COPYRIGHT="© Microsoft Corporation. Alle Rechte vorbehalten." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x10EBEB" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.6532" UPTO_BIN_PRODUCT_VERSION="5.1.2600.6532" 
LINK_DATE="03/12/2014 10:48:40" UPTO_LINK_DATE="03/12/2014 10:48:40" VER_LANGUAGE="Deutsch (Deutschland) [0x407]" />
</EXE>
</DATABASE>


Edited by Betatester, 09 January 2016 - 02:03 AM.
