Just when I thought I was done talking about the Sysinternals tools, Microsoft finally integrates them into their TechNet site and makes some changes. I’ve already mentioned a few in my last post; in this one I wanted to take a quick look at the new ProcMon.
Available at http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx, the new Process Monitor (ProcMon) replaces two older tools, FileMon and RegMon. It will keep an eye on all disk activity, whether it be on the drive or the registry. In the example below you can see what’s going on in my system as I write this. For example, I have WinAmp playing a recent DotNetRocks episode.
One feature I rather like is the Process Tree, under the Tools menu.
Here you can see some of the many programs I have running. All I have to do is click on one of them, then click the Go To Event button, and it will take me right to the event. Three buttons on the main toolbar make it very easy to filter down to the events you want to see.
The leftmost button turns registry events on or off. The middle button shows or hides file system activity. The rightmost button toggles the display of process/thread activity. Other filters allow you to narrow down to specific files or events you want to monitor.
I like the new version of this tool; it has lots of new features that make me prefer it to the older FileMon/RegMon tools, which are still available if you want to do your own comparisons.