Using Process Explorer...

Ross M. Greenberg

I'm trying to use Process Explorer to capture and then examine all registry reads and/or writes by a single process. How do I go about displaying only those reads/writes to a process that begins with "fred"? I'm sure I'm going to use Filters, but how specifically?

Thanks!

Ross
 
You definitely wanted to say Process Monitor ( ProcMon.exe ),
the follower and union of FileMon and RegMon,
because Process Explorer ( ProcExp.exe ) is the counterpart to Task Manager.

Run ProcMon and the filter dialog displays.
Using filters is quite straightforward:

ProcessName begins with fred include
Event class is registry include
Operation is RegSetValue include
Operation is RegQueryValue include
( more operations possible )

You will learn quickly by browsing items and their possible values.
 
An easier way is to set the default ( or reset ) settings,
and by right-clicking choose includes to filter.

In both ways the approach is this:
when no includes are present,
all but excluded items are displayed.

when includes are present,
only included but excluded items are listed.
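
How the include/exclude rule described above plays out for the four filter entries from this thread, as an added Python example that is not part of the original posts and is not ProcMon's own code. It assumes entries on the same column are ORed, different columns are ANDed, and matching ignores case; the events are constructed samples.

```python
from collections import defaultdict

# Filter entries from the thread: (column, relation, value, action).
FILTERS = [
    ("Process Name", "begins with", "fred", "include"),
    ("Event Class", "is", "Registry", "include"),
    ("Operation", "is", "RegSetValue", "include"),
    ("Operation", "is", "RegQueryValue", "include"),
]

# Assumption: comparisons ignore case.
RELATIONS = {
    "is": lambda field, value: field.lower() == value.lower(),
    "begins with": lambda field, value: field.lower().startswith(value.lower()),
}

def matches(event, column, relation, value):
    return RELATIONS[relation](event.get(column, ""), value)

def visible(event, filters):
    """True if the event stays on screen under the given filter entries."""
    includes = defaultdict(list)
    for column, relation, value, action in filters:
        if action == "exclude" and matches(event, column, relation, value):
            return False  # an exclude always hides the event
        if action == "include":
            includes[column].append((relation, value))
    # No includes: all() over nothing is True, so all but excluded show.
    # Assumption: same-column includes are ORed, columns are ANDed.
    return all(
        any(matches(event, column, rel, val) for rel, val in entries)
        for column, entries in includes.items()
    )

def shown(events, filters):
    return [e for e in events if visible(e, filters)]

# Constructed sample events (process, event class, operation); not capture data.
EVENTS = [
    dict(zip(("Process Name", "Event Class", "Operation"), row))
    for row in [
        ("fred.exe", "Registry", "RegQueryValue"),
        ("FredHelper.exe", "Registry", "RegSetValue"),
        ("fred.exe", "Registry", "RegOpenKey"),
        ("fred.exe", "File System", "ReadFile"),
        ("notepad.exe", "Registry", "RegSetValue"),
    ]
]
```

Only the first two sample events pass: the third fails the Operation includes, the fourth fails the Event Class include, and the fifth fails the Process Name include.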
 
So I tried the below, and got an empty screen when I okayed the filter the first time. I tried it again and got an Out Of Memory error.

Ross
 
Aha ha ha ha ha ha .....

I was wondering how long it would take MS to completely ruin some of the
SysInternals utilities they purchased........

That just goes to prove a point. Some 3rd party developers are far more
capable programming for Windows than actual MS programmers themselves.
 
Seeing as they hired the author as well as buying the software, any failings
can still be attributed to him. Having met Mark, I doubt he would allow
anyone to cripple his software.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Windows help - www.rickrogers.org
My thoughts http://rick-mvp.blogspot.com
 