 Logo of Process Monitor | |
 Screenshot of Windows 10 Process Monitor | |
| Other names | ProcMon |
|---|---|
| Original author(s) | Winternals Software |
| Developer(s) | Mark Russinovich and Bryce Cogswell |
| Stable release | |
| Preview release | v2.0 Preview / July 22, 2024; 7 months ago (2024-07-22) (Linux version) |
| Repository | github |
| Written in | C++ |
| Operating system | Windows XP SP2 and higher,Linux |
| Included with | Sysinternals |
| Available in | English |
| License | Windows:Proprietarycommercial software Linux:MIT License[2] |
| Website | Windows Sysinternals |
Process Monitor is a tool fromWindows Sysinternals, part of theMicrosoft TechNetwebsite. The tool monitors and displays in real-time all file system activity on aMicrosoft Windows orUnix-like operating system. It combines two older tools,FileMon andRegMon and is used insystem administration,computer forensics, and application debugging.
Process Monitor monitors and records all actions attempted against theMicrosoft WindowsRegistry. Process Monitor can be used to detect failed attempts to read and write registry keys. It also allows for filtering on specific keys, processes, process IDs, and values. In addition it shows how applications use files andDLLs, detects some critical errors insystem files and more.[3]
RegMon and its sister applicationFilemon were primarily created byMark Russinovich[4] andBryce Cogswell, employed byNuMega Technologies and laterSysInternals prior SysInternals being bought out byMicrosoft in 2006.
The two tools were combined to create Process Monitor.[5][6] Early versions of Process Monitor (up to version 2.8) ran onWindows 2000 SP4 with Update Rollup 1.[7] The current version for Windows only runs onWindows Vista and above.
Initially, ProcMon was only available forMicrosoft Windows. In November 2018, Microsoft confirmed it isportingSysinternals tools, includingProcDump and ProcMon, toLinux.[8] The Linux port of the software isopen source. It is licensed underMIT License and the source code is available onGitHub.[9]
FileMon (from aconcatenation of "File" and "Monitor") was a free utility for 32/64-bit Microsoft Windowsoperating systems which provided users with a powerful tool to monitor and display file system activity.
FileMon is no longer supported.
The RegMon utility from Sysinternals provided forensics onWindows Registry usage.
RegMon is no longer supported.
 | ThisMicrosoft Windows article is astub. You can help Wikipedia byexpanding it. |
