Process Monitor
| Process Monitor | |
|---|---|
| File:Process Monitor Logo.webp Logo of Process Monitor | |
 Screenshot of Windows 10 Process Monitor | |
| Other names | ProcMon |
| Original author | Winternals Software |
| Developers | Mark Russinovich and Bryce Cogswell |
| Stable release | v4.01[1]
/ June 20, 2024 (Windows version) |
| Preview release | v2.0 Preview
/ July 22, 2024 (Linux version) |
| Repository | github |
| Written in | C++ |
| Engine | |
| Operating system | Windows XP SP2 and higher, Linux |
| Included with | Sysinternals |
| Available in | English |
| License | Windows: Proprietary commercial software Linux: MIT License[2] |
| Website | Windows Sysinternals |
Process Monitor is a tool from Windows Sysinternals, part of the Microsoft TechNet website. The tool monitors and displays in real-time all file system activity on a Microsoft Windows or Unix-like operating system. It combines two older tools, FileMon and RegMon and is used in system administration, computer forensics, and application debugging.
Overview
[edit | edit source]Process Monitor monitors and records all actions attempted against the Microsoft Windows Registry. Process Monitor can be used to detect failed attempts to read and write registry keys. It also allows for filtering on specific keys, processes, process IDs, and values. In addition it shows how applications use files and DLLs, detects some critical errors in system files and more.[3]
History
[edit | edit source]RegMon and its sister application Filemon were primarily created by Mark Russinovich[4] and Bryce Cogswell, employed by NuMega Technologies and later SysInternals prior SysInternals being bought out by Microsoft in 2006.
The two tools were combined to create Process Monitor.[5][6] Early versions of Process Monitor (up to version 2.8) ran on Windows 2000 SP4 with Update Rollup 1.[7] The current version for Windows only runs on Windows Vista and above.
Initially, ProcMon was only available for Microsoft Windows. In November 2018, Microsoft confirmed it is porting Sysinternals tools, including ProcDump and ProcMon, to Linux.[8] The Linux port of the software is open source. It is licensed under MIT License and the source code is available on GitHub.[9]
FileMon
[edit | edit source]FileMon (from a concatenation of "File" and "Monitor") was a free utility for 32/64-bit Microsoft Windows operating systems which provided users with a powerful tool to monitor and display file system activity.
FileMon is no longer supported.
RegMon
[edit | edit source]The RegMon utility from Sysinternals provided forensics on Windows Registry usage.
RegMon is no longer supported.
See also
[edit | edit source]Lua error in mw.title.lua at line 392: bad argument #2 to 'title.new' (unrecognized namespace name 'Portal').
References
[edit | edit source]- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Mark Russinovich’s Blog Archived 2015-05-30 at the Wayback Machine
- ^ RegMon for Windows
- ^ Process Monitor, Microsoft Technet
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
External links
[edit | edit source]
 | This Microsoft Windows article is a stub. You can help Wikipedia by expanding it. |