Process monitor

From Hostek.com Wiki
Revision as of 19:15, 10 October 2014 by Brentb (Talk | contribs) (Using Process Monitor)

Jump to: navigation, search

Process Monitor

What is Process Monitor?

Process Monitor (procmon for short) is a tool provided by Microsoft that allows you to view what processes are running and their result (such as Access Denied) in real time. It is a very useful tool for diagnosing where an error is occurring such as access denied. By running procmon and then hitting the link where you're getting denied access it can show you the problem.

How to install Process Monitor

To install Process Monitor follow these short steps:

  1. Visit http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx and download ProcMon
  2. It will download a zip file. Unzip the contents into their own directory
  3. You can now double-click procmon to open it up


Using Process Monitor

Once ProcMon is double-clicked, it will open a window that looks like the image below.
File:Procmonopen.jpg


Now make sure the magnifying class (capture) has a slash through it so it is not currently capturing events. If it does not, click on it and then click on the clear button two icons over (hotkey: ctrl-x). You will now click on filter and then click on the filter choice in the drop down menu to see the following image:
File:Procmonfilter.jpg

Procmon automatically adds things to the filter that have to do with it so you don't have to. Here you can add how you would like to filter the output. For example, if your problem is access denied on a particular page you would filter by result and include Access Denied. You can tweak the filter just about any way needed to get the results you are looking for. Once the filter has been tweaked just click on OK. Now to begin capturing events click on the magnifying glass again. It will now begin capturing and you can reproduce your error to see what procmon shows you.