Process Monitor and Process Explorer Rock!
Process Monitor by Sysinternals (owned by Microsoft), not to be confused with Process Explorer, is a rewrite from the ground up of RegMon and FileMon. It combines the features of RegMon and FileMon, and adds process and thread monitoring as well. It aggregates the data in the trace, so you can see things like which process is accessing the disk or registry the most. Furthermore, you can add advanced filters, such as monitoring a particular registry key, file, process, etc. Finally, the best part is that once you see a *problem*, you can get the thread *stack* (both kernel mode and user mode) of the process that is accessing that resource... how cool is that?! This requires symbols and the Debugging Tools for Windows to be installed, but that is easily done.
Process Explorer rocks as well because it can show you the function calls that each of your process's threads is currently in. For example, when Outlook is hung, you can see its current thread stacks (requires the Debugging Tools for Windows to be installed). Unfortunately, I can’t seem to get it to use my symbols path properly to make this feature more effective. In any case, it has information on just about anything you want to know about a process.
About clinth@microsoft.com
I am originally from Dayton, OH. Worked for the Air Force for 6 years. Joined Microsoft in 1999 and moved to Charlotte, NC. There I was a Support Professional and later worked as a Testing Consultant. After 6 years, my wife, daughter and I moved to Seattle, WA where I took a job as a Microsoft Premier Field Engineering (PFE) supporting BizTalk. Throughout my Microsoft career I've always been very passionate about performance analysis, so I have worked hard to make performance analysis easier for our customers. Oh, and I like PC games like Diablo 2 and Fable, cigars, and a nice Chianti.