Nov. 9th Update:Microsoft has completed the merger of SysInternals into it’s internal TechNet area. Along with that they’ve renamed the old Process Monitor to Process Explorer. They have a new Process Monitor tool that combines the functionality of the two tools I mention below. Both tools below are still available, but you should also take a look at the new Process Monitor to see if it will better suit your needs.
How many times have you watched your hard drive light flicker and wondered “What the heck is banging my hard disk?” Well FileMon will help you figure this out. FileMon simply displays all the applications that are accessing your drives.
![[Picture of FileMon.]](https://arcanecode.files.wordpress.com/2006/11/WindowsLiveWriter/SysInternalsTwoMonitorPrograms_11823/clip_image002.jpg?w=1100&h=206)
As you can see in the sample above, you can monitor all the items that are reading and writing to your disks. You can use filters in case there’s a particular program or programs you are interested in. The filters are nice in that you can use either includes (I only want to see…) or excludes (I want to see everything but…). Additionally you can save the output to a log so you can analyze it later.
Along the same lines is RegMon. RegMon is a Registry Monitor that will give you info on what is accessing your registry. Like FileMon there are filters and logging capability.
![[Picture of RegMon.]](https://arcanecode.files.wordpress.com/2006/11/WindowsLiveWriter/SysInternalsTwoMonitorPrograms_11823/clip_image004.jpg?w=1100&h=200)
Two great monitoring tools to help you with debugging, and like all the SysInternals tools, free for the taking.
Arcane Code 