Unlike the Process Explorer utility that we’ve spent a few days covering, Process Monitor is meant to be a passive look at everything that happens on your computer, not an active tool for killing processes or closing handles. This is like taking a peek at a global logfile for every single event that happens on your Windows PC. Want to understand which registry keys your favorite application is actually storing its settings in? Want to figure out what files a service is touching and how often? Want to see when an application is connecting to the network or opening a new process? It’s Process Monitor to the rescue.
We don’t do a lot of registry hack articles anymore, but back when we first started we would use Process Monitor to figure out what registry keys were being accessed, and then go tweak those registry keys to see what would happen. If you’ve ever wondered how some geek figured out a registry hack that nobody has ever seen, it was probably through Process Monitor.
The Process Monitor utility was created by combining two different old-school utilities, Filemon and Regmon, which were used to monitor files and registry activity as their names imply. While those utilities are still available out there, and while they might suit your particular needs, you’d be much better off with Process Monitor, because it was designed to handle a large volume of events.
It’s also worth noting that Process Monitor always requires administrator mode because it loads a kernel driver under the hood to capture all of those events. On Windows Vista and later, you’ll be prompted with a UAC dialog, but for XP or 2003, you’ll need to make sure the account you use has Administrator privileges.
Process Monitor captures a ton of data, but it doesn’t capture every single thing that happens on your PC. For instance, Process Monitor doesn’t care if you move your mouse around, and it doesn’t know whether your drivers are working optimally. It’s not going to track which processes are open and wasting CPU on your computer - that’s the job of Process Explorer, after all.
What it does do is capture specific types of I/O (input/output) operations, whether they happen through the file system, registry, or even the network. It will additionally track a few other events in a limited fashion.
You’ll be surprised just how often this happens.
Again, you would probably want to use Process Explorer for tracking these things most of the time, but it’s useful here if you need it. So Process Monitor can capture any type of I/O operation, whether that happens through the registry, file system, or even the network - although the actual data being written isn’t captured. We’re just looking at the fact that a process is writing to one of these streams, so we can later figure out more about what is happening.
When you first load up the Process Monitor interface, you’ll be presented with an enormous number of rows of data, with more data flying in quickly, and it can be overwhelming. The key is to have some idea, at least, about what you are looking at, as well as what you are looking for. This isn’t the type of tool that you spend a relaxing day browsing through, because within a very short time period, you’ll be looking at millions of rows.