In this article, we will show how to track accesses and changes to files and registry on your local computer using Process Monitor. Using Process Monitor to Track File and Registry Changes It intercepts system function calls for the following operations: access to the file system, registry, process activity, network connections. When ProcMon starts, it installs a special system driver PROCMON20.SYS. When you start Process Monitor for the first time, a license agreement (EULA) appears on the screen that requires user confirmation. Extract the archive and run the procmon.exe ( procmon64.exe) executable file as an administrator. Process Monitor does not require installation. ProcMon is not a built-in system utility, so you must download it manually from the Microsoft website. This is useful for diagnosing slow Windows boot. Log all operations during system boot (starting processes, services). ![]() For example, about the actions of a specific process, access to a specific file or a registry key ![]() Set filters to display only the necessary information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |