

Not a lot of people realize that you can configure a symbol server in both Process Monitor and Process Explorer. The call stack in the above image is not very helpful, as it shows only the offset addresses (under Location). Process Monitor also shows you the call stack of the thread that led to the file system / registry access. It logs all access to the file system / registry by all processes on the machine (can be filtered).

Process Monitor is my favourite, and it can be used to monitor file system / registry activity on a machine. Process Explorer can be used to investigate a running process, from its open handles to the DLLs it has loaded.

Process Monitor and Process Explorer are great tools for troubleshooting issues on Windows machines.
