Skip to main content
Super User

All Questions

Ask Question
Tagged with
8 questions
Newest Active Bountied Unanswered
-2 votes
1 answer
815 views

Sysinternals Process Monitor device driver: procedure could not be found

The most recent article I have found on this site regarding Systinternals Process Monitor is 13 years old. I must have missed something because I'm still having the same problem. I have Windows 7 on ...
Jacob Salomon's user avatar
Jacob Salomon
  • 117
0 votes
0 answers
80 views

What does the "QueryDeviceInformationVolume" operation in Process Monitor mean?

Seeing an operation called "QueryDeviceInformationVolume" in a SysInternals Process Monitor log when I start a desktop application. Simply trying to get some details about this operation and ...
JDeckSQL's user avatar
JDeckSQL
  • 1
0 votes
0 answers
435 views

Is it possible to use procmon to find out why a process ends?

Let's say I started notepad. In a PowerShell window, I run ps notepad | Stop-Process -Force to kill all notepad session. I captured a procmon trace during these operations. Is it possible to find out ...
Fajela Tajkiya's user avatar
Fajela Tajkiya
  • 137
1 vote
1 answer
430 views

Sysinternals procmon "Process Active Summary" is missing most processes

I am trying to track CPU usage of our build script and of all the processes it spawns to accomplish the task of creating a release. I ran a procmon64.exe (with profiling) session during the course of ...
David I. McIntosh's user avatar
David I. McIntosh
  • 324
1 vote
1 answer
468 views

How to enable "View Source" in Process Monitor?

Sysinternals Process Monitor has a button to "view the source" on a Event Properties > Stack element: It is disabled in my trace. What do I need to enable it?
TheUnexpected's user avatar
TheUnexpected
  • 442
29 votes
4 answers
9k views

What does the path '\REGISTRY\A\...' in Sysinternals Procmon log mean?

I use Sysinternals Procmon utility to monitor the registry access by some programs. Most log entries have the Path property starting from HKCU\… or HKLM\…, that corresponds to the registry hives ...
Vladimir Reshetnikov's user avatar
Vladimir Reshetnikov
  • 797
3 votes
2 answers
13k views

Is there a version of Process Monitor that runs on Windows 2000?

I have a problem I'm trying to track down on a Windows 2000 machine. I downloaded SysInternals Process Monitor (ProcMon.exe) but it seems to need Windows XP SP2 or higher. I've seen traffic that ...
rossmcm's user avatar
rossmcm
  • 1,596
3 votes
3 answers
5k views

Why is process monitor taking up 2+ gb of physical memory?

I am trying to hunt down a rogue process that is locking a file in a specific directory which is preventing a log being appended to. This locking happens about one to three times a week, so needless ...
ddechant's user avatar
ddechant
  • 33