In this section we have gathered together useful information about the Microsoft Sysinternals tool Process Monitor, or procmon as it is often called. Procmon traces activity between an application process and the operating system. It captures:
- Process and thread management activity
- File access
- Registry access
- Network packets
The request and response for each activity are presented on a single trace line, with a duration column to show response time. Procmon can also be configured to take snapshots of thread stacks once per second or ten times per second. Both capture and trace analysis are achieved with a single portable executable.
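As an added example (not part of the original page or of the Sysinternals tooling), the Python below groups the rows of a Procmon CSV export by the kinds of activity listed above and ranks them by the duration column. The sample rows are constructed, and the code assumes the optional Duration column was enabled before the trace was saved as CSV.

```python
import csv
import io
from collections import Counter

# Constructed rows in the shape of a Procmon CSV export; assumes the optional
# Duration column (seconds) was enabled before saving. Not real trace data.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Duration"
"10:15:01.1000000","app.exe","4321","Process Start","","SUCCESS","0.0000000"
"10:15:01.1000500","app.exe","4321","Thread Create","","SUCCESS","0.0000000"
"10:15:01.1002000","app.exe","4321","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","0.0000000"
"10:15:01.2000000","app.exe","4321","RegOpenKey","HKLM\Software\Example","NAME NOT FOUND","0.0000152"
"10:15:01.2001000","app.exe","4321","RegQueryValue","HKCU\Software\Example\Setting","SUCCESS","0.0000048"
"10:15:01.3000000","app.exe","4321","CreateFile","C:\ProgramData\Example\config.ini","SUCCESS","0.0001210"
"10:15:01.3002000","app.exe","4321","ReadFile","C:\ProgramData\Example\config.ini","SUCCESS","0.0350000"
"10:15:01.4000000","app.exe","4321","TCP Connect","host.example:49712 -> server.example:443","SUCCESS","0.0000000"
'''

def event_class(operation):
    """Map a Procmon operation name to the kind of activity it records."""
    if operation.endswith("Profiling"):   # periodic thread stack snapshots
        return "Profiling"
    if operation.startswith("Reg"):
        return "Registry"
    if operation.startswith(("TCP ", "UDP ")):
        return "Network"
    if operation.startswith(("Process ", "Thread ")) or operation == "Load Image":
        return "Process"
    return "File System"                  # CreateFile, ReadFile, WriteFile, ...

def load_events(text):
    """Parse the export; it may start with a UTF-8 BOM, so strip it if present."""
    rows = list(csv.DictReader(io.StringIO(text.lstrip("\ufeff"))))
    for row in rows:
        row["Class"] = event_class(row["Operation"])
        row["Seconds"] = float(row["Duration"] or 0)
    return rows

def summarize(events):
    return dict(Counter(e["Class"] for e in events))

def slowest(events, n=3):
    """Return the n events with the longest response time."""
    return sorted(events, key=lambda e: e["Seconds"], reverse=True)[:n]

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print(summarize(events))
    for e in slowest(events):
        print(f'{e["Seconds"]:.7f}s  {e["Operation"]:<14} {e["Path"]}')
```

For a real export, read the file with `encoding="utf-8-sig"` and pass its text to `load_events`.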