Process Monitor is a Windows utility from Sysinternals.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
By default, the application logs Registry, File, Network, and Process activity.
Control + E toggles capture, and Control + X clears the logs.
A quick method to create a filter is to right-click the name within one of the columns.
One common use of Process Monitor is to determine the Registry location of a parameter. To do this, filter on the RegSetValue operation.
In this example, below is the Registry key to enable DEP.
To launch the Registry Editor with the path in question, right-click the entry and use the Jump To option.
Another option is to click on the Target icon and drag it onto the parameter in question.
Applications can be filtered based on process name.
Certain items are filtered by default. To see all data, use the Filter -> Enable Advanced Output option.
The Process Tree view can be accessed using Control + T.
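The RegSetValue and process-name filters described above can also be applied offline to a capture saved as CSV (File -> Save, CSV format). The following is an added example, not part of the original post; it assumes the default export columns, and the sample rows, process names and Registry paths are constructed.

```python
import csv
import io
import re

# Constructed sample in the default Process Monitor CSV column layout.
# Process names, paths and values are made up for illustration.
SAMPLE_CSV = "\ufeff" + r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","example.exe","4120","RegQueryValue","HKCU\Software\ExampleVendor\App\Mode","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.4","example.exe","4120","RegSetValue","HKCU\Software\ExampleVendor\App\Mode","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:03.0","other.exe","988","RegSetValue","HKCU\Software\Other\Flag","SUCCESS","Type: REG_SZ, Length: 22, Data: on, really"
"10:01:03.2","example.exe","4120","RegSetValue","HKLM\SOFTWARE\ExampleVendor\App\Locked","ACCESS DENIED","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:04.9","example.exe","4120","RegSetValue","HKCU\Software\ExampleVendor\App\Mode","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
'''

# Detail text of a RegSetValue row: "Type: <type>, Length: <n>, Data: <value>".
# The value itself may contain commas, so Data captures the rest of the field.
DETAIL_RE = re.compile(r"Type: (\w+), Length: \S+, Data: (.*)")


def registry_writes(csv_text, process=None):
    """Return {path: (type, data)} for successful RegSetValue rows.

    Optionally restrict to one process name (case-insensitive). When a
    value is written more than once, the last successful write wins.
    """
    # The export starts with a UTF-8 byte order mark; strip it so the
    # first column header is read as "Time of Day".
    rows = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    writes = {}
    for row in rows:
        if row["Operation"] != "RegSetValue" or row["Result"] != "SUCCESS":
            continue  # reads and failed writes do not change the Registry
        if process and row["Process Name"].lower() != process.lower():
            continue
        m = DETAIL_RE.match(row["Detail"])
        # Keep the raw detail if it does not follow the expected layout.
        writes[row["Path"]] = (m.group(1), m.group(2)) if m else (None, row["Detail"])
    return writes


if __name__ == "__main__":
    for path, (kind, data) in registry_writes(SAMPLE_CSV, "example.exe").items():
        print(f"{path}  {kind}  {data}")
```

Change a setting in the application while capturing, save the log as CSV, and pass the file contents to `registry_writes` to list the values that were written.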