Process Monitor (ProcMon) is a tool from Windows Sysinternals, part of the Microsoft TechNet website. It monitors and displays in real time file system, Registry and process/thread activity on a Microsoft Windows system and, through a later port, on Linux. It combines two older tools, ''FileMon'' and ''RegMon'', and is used in system administration, computer forensics, and application debugging.
Overview
Process Monitor monitors and records all actions attempted against the Microsoft Windows Registry. It can be used to detect failed attempts to read and write registry keys, which it reports with results such as NAME NOT FOUND and ACCESS DENIED. It also allows filtering on specific keys, processes, process IDs, and values. In addition, it shows how applications use files and DLLs, detects some critical errors in system files, and more.
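The triage step that follows a capture is usually done outside ProcMon itself. The script below is an added example, not code from Process Monitor or from Sysinternals: it reads a CSV export in ProcMon's default column layout ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"), applies the same kind of include filters the tool offers (process name, PID, path prefix), and then pulls out the two findings a practitioner most often hunts for: registry operations that failed, and CreateFile probes for a .dll that came back NAME NOT FOUND, which is the classic lead for DLL search-order hijacking. The embedded capture rows are constructed for illustration; the function names and the choice of "failure" result strings are this example's assumptions.

```python
"""Triage a Process Monitor CSV export for failed registry and DLL accesses.

Added example; not part of Process Monitor. Assumes the default CSV export
columns: Time of Day, Process Name, PID, Operation, Path, Result, Detail.
"""
import csv
import io
from collections import Counter

# Constructed sample rows in ProcMon's default CSV export layout.
# These are made up for illustration; they are not from a real capture.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567","app.exe","4120","RegOpenKey","HKLM\SOFTWARE\Vendor\App","SUCCESS","Desired Access: Read"
"10:01:02.1234890","app.exe","4120","RegQueryValue","HKLM\SOFTWARE\Vendor\App\Plugins","NAME NOT FOUND","Length: 1,024"
"10:01:02.1235000","app.exe","4120","RegSetValue","HKLM\SOFTWARE\Vendor\App\Mode","ACCESS DENIED","Type: REG_DWORD"
"10:01:02.1236000","app.exe","4120","CreateFile","C:\Users\alice\Desktop\helper.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.1237000","app.exe","4120","CreateFile","C:\Windows\System32\helper.dll","SUCCESS","Desired Access: Read Attributes"
"10:01:03.0000000","svchost.exe","912","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"10:01:03.5000000","app.exe","4120","ReadFile","C:\Users\alice\config.ini","SUCCESS","Offset: 0, Length: 512"
'''

# ProcMon operation names for Registry access (assumption: this subset is enough here).
REGISTRY_OPS = {
    "RegOpenKey", "RegCreateKey", "RegQueryValue", "RegSetValue", "RegQueryKey",
    "RegEnumValue", "RegEnumKey", "RegDeleteValue", "RegDeleteKey",
}
# Result strings that mean the access did not succeed.
FAILURE_RESULTS = {"NAME NOT FOUND", "ACCESS DENIED", "PATH NOT FOUND"}


def parse_procmon_csv(text):
    """Parse a ProcMon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def filter_events(events, process=None, pid=None, path_prefix=None):
    """Mimic ProcMon include filters: process name, PID and a path prefix."""
    out = []
    for e in events:
        if process and e["Process Name"].lower() != process.lower():
            continue
        if pid is not None and int(e["PID"]) != pid:
            continue
        if path_prefix and not e["Path"].lower().startswith(path_prefix.lower()):
            continue
        out.append(e)
    return out


def failed_registry_ops(events):
    """Registry operations whose Result is a failure (the 'failed read/write' case)."""
    return [e for e in events
            if e["Operation"] in REGISTRY_OPS and e["Result"] in FAILURE_RESULTS]


def dll_search_misses(events):
    """CreateFile probes for a .dll that were not found.

    A miss in a user-writable directory that is later followed by a hit in a
    system directory is the DLL search-order hijacking lead ProcMon is used for.
    """
    return [e for e in events
            if e["Operation"] == "CreateFile"
            and e["Path"].lower().endswith(".dll")
            and e["Result"] in {"NAME NOT FOUND", "PATH NOT FOUND"}]


def summarize_failures(events):
    """Count (process, PID, operation, result) tuples to rank noisy offenders."""
    findings = failed_registry_ops(events) + dll_search_misses(events)
    return Counter((e["Process Name"], e["PID"], e["Operation"], e["Result"])
                   for e in findings)


if __name__ == "__main__":
    evs = parse_procmon_csv(SAMPLE_CSV)
    for key, n in summarize_failures(evs).most_common():
        print(n, *key)
    for e in dll_search_misses(evs):
        print("DLL probe miss:", e["Process Name"], e["PID"], e["Path"])
```

On a real capture, export from ProcMon with File > Save... in CSV format after applying the filters you want kept, then point `parse_procmon_csv` at the file contents; the filters here are meant for the second pass over an already-narrowed log, not as a replacement for ProcMon's own capture-time filtering.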
History
RegMon and its sister application FileMon were primarily created by Mark Russinovich and Bryce Cogswell, employed by NuMega Technologies and later Sysinternals, prior to Sysinternals being bought out by Microsoft in 2006.
The two tools were combined to create Process Monitor. Early versions of Process Monitor (up to version 2.8) ran on Windows 2000 SP4 with Update Rollup 1. The current version for Windows only runs on Windows Vista and above.
Initially, ProcMon was only available for Microsoft Windows. In November 2018, Microsoft confirmed it was porting Sysinternals tools, including ProcDump and ProcMon, to Linux. The Linux port is open source: it is licensed under the MIT License and the source code is available on GitHub.
FileMon
FileMon (a concatenation of "File" and "Monitor") was a free utility for 32/64-bit Microsoft Windows operating systems that monitored and displayed file system activity. FileMon is no longer supported.
RegMon
The RegMon utility from Sysinternals monitored and recorded Windows Registry usage, which made it useful for forensic analysis. RegMon is no longer supported.
See also
* Process Explorer
* ProcDump
References
External links
*
GitHub - microsoft/ProcMon-for-Linux
Console applications
Unix process- and task-management-related software
System administration
System monitors
Task managers
Free software programmed in C++
Microsoft free software
Software using the MIT license
Windows administration
{{Windows-stub}}
ru:FileMon