
In Process Monitor, is it possible to see what data is being read/written to a particular item, be it a file or registry? For example, if a program added "platform=x64" to settings.ini somewhere, Process Lasso (or similar) would show something like "Data: 'platform=x64'" in the Detail/Data column.

Occasionally, it seems Process Lasso is sometimes able to show data that was written or read to the registry; however, most other times it does not. I know it'd be possible to take a diff between a before and after of a file or registry entry being written to, but this wouldn't work for read data, and this would also necessitate needing to know what files/registry areas will be read/written to beforehand.

So I'm wondering if Process Monitor is able to see this data on its own, and if not, if there is any other way to see this read/written data "live".

  • what data... Do you mean the actual bits, or how much was written/read, or something else entirely? Commented Jun 21, 2019 at 22:25
  • @TwistyImpersonator Meaning the actual bits, so if a program added "platform=x64" to its settings.ini, Process Lasso (or similar) would show something like "Data: 'platform=x64'" in the Detail/Data column. It seems Process Lasso can sometimes do this with registry entries, displaying the data in the Detail column, though not always. Commented Jun 24, 2019 at 20:58
