Defrag Tools: #3 - Process Monitor | Defrag Tools

EDN Admin

In this 2-part episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Monitor. Process Monitor allows you to view the File, Registry, Network, Process and Profiling details of the processes running on the computer. The logging allows you to go from a holistic view all the way down to the function in the stack that initiated an event. Process Monitor can be used to troubleshoot nearly all types of issues. As coined by http://www.solsem.com/ David Solomon - "When in doubt, run Process Monitor".

Part 1 (this week) covers the tool itself.
Part 2 (next week) goes through a wide variety of examples showing how different techniques are required for different investigations.

Resources:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Sysinternals Process Monitor

Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=01m03s [01:03] - Episode Overview
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=01m55s [01:55] - http://www.sysinternals.com www.sysinternals.com
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=03m30s [03:30] - Launching & EULA
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=04m00s [04:00] - Events traced
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=06m28s [06:28] - Sysinternals Administrators Reference - [ http://www.amazon.com/Windows-Sysinternals-Administrators-Reference-Russinovich/dp/073565672X Amazon ]
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=07m00s [07:00] - File Menu - Open, Save, Backing Files/Pagefile, Capture Events and Configuration
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=10m34s [10:34] - Edit Menu - Copy, Find, Highlight, Bookmarks, Auto Scroll and Clear Display
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=14m52s [14:52] - Events Menu - Jump To, Search Online, (Quick) Filtering, Filemon/Regmon heritage, Highlight & Filter dialogs
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=22m48s [22:48] - Filter Menu - Advanced Output, Load/Save/Organize Filters, Drop Filtered Events
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=25m02s [25:02] - Tools Menu - Next episode...
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=25m28s [25:28] - Options Menu - Symbols, History Depth, Profiling and Network Addresses
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=28m47s [28:47] - Command Line - Refer to the book, help file and the dialog
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=29m08s [29:08] - Columns - in particular, the Relative Time and Duration columns
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor#time=31m48s [31:48] - Next episode, examples...
