Topic outline

  • Process Monitor

    In this section we have gathered together useful information about the Microsoft Sysinternals tool Process Monitor, or procmon as it is often called.  Procmon traces activity between an application process and the operating system.  It captures:

    • Process and thread management activity
    • File access
    • Registry access
    • Network packets

    The request and response for each activity are presented on a single trace line, with a duration column to show response time. Procmon can also be configured to take snapshots of thread stacks once per second or ten times per second. Both capture and trace analysis are performed with a single portable executable.

  • Resources

  • Tutorial

    This tutorial gives a good introduction to Process Monitor through a set of short videos.

  • Use Cases

  • External Content

    This section contains links to useful information elsewhere on the web.