By Ryan Russell
Microsoft’s free Process Monitor tool allows you to log any specific file and Registry activity a process is performing.
Process Monitor is for logging, not snapshots
Process Monitor (PM) is a tool for monitoring file and Registry activity. I’ve mentioned older tools in this family (Filemon and Regmon) in my column on Nov. 22, 2005. You can download PM directly from Microsoft.
Figure 1. Process Monitor can log every call that any Windows process makes.
If you’ve used the older tools before, Microsoft lists the advantages of the newer tool over them right on the download page. The immediately obvious improvements are that you need only one tool for both file and Registry monitoring, and you get much better filtering capabilities.
The big difference between a tool like Process Explorer (PE) and PM is that PE only shows you the current information, whereas PM will keep a running log.