Defrag Tools: #4 - Process Monitor - Examples

In this two-part episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Monitor. Process Monitor allows you to view the File, Registry, Network, Process and Profiling details of the processes running on the computer. The logging allows you to go from a holistic view all the way down to the function in the stack that initiated an event. Process Monitor can be used to troubleshoot nearly all types of issues. As coined by David Solomon: "When in doubt, run Process Monitor".

Part 1 (last week) covers the tool itself.
Part 2 (this week) goes through a wide variety of examples showing how different techniques are required for different investigations.

Resources: Sysinternals Process Monitor

Timeline:
[00:00] - Last week...
[01:08] - Finding the Registry keys of the Explorer 'Folder Options' dialog
[08:30] - Using Summary reports to see the current filter's resource usage
[15:09] - Capturing a ProcMon log of system boot
[19:25] - Analyzing the boot log
[27:32] - The Startup/Shutdown chapter of the Windows Internals book [4th edition, 5th edition, 6th edition Part 2]. Note, it's Chapter 13, not Chapter 4, as mentioned on the show. Chapter 13 is in Part 2 of the 6th edition.
[28:17] - Next time...Autoruns

More Examples:
Case of the Unexplained... by Mark Russinovich
Sysinternals Gems by Aaron Margosis