微软推荐下载进程监视小工具

  下载页面:<a href="http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx" target="_blank">http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx</a><br /><br />下载地址:<a href="http://download.sysinternals.com/Files/ProcessMonitor.zip" target="_blank">http://download.sysinternals.com/Files/ProcessMonitor.zip</a><br /><br /><br />以前是sysinternal公司的，后来被微软收购...这个是收购后出品的..整合了filemon <br />/regmon的process explorer，对DLL/注册表/硬盘文件变化整体监控！纯绿色解压就能用！<br /><br />Process Monitor v1.01<br />Published: November 9, 2006<br />Introduction<br /><br />Process Monitor is an advanced monitoring tool for Windows that shows <br />real-time file system, Registry and process/thread activity. It combines the <br />features of two legacy Sysinternals utilities, Filemon and Regmon, and adds <br />an extensive list of enhancements including rich and non-destructive <br />filtering, comprehensive event properties such session IDs and user names, <br />reliable process information, full thread stacks with integrated symbol <br />support for each operation, simultaneous logging to a file, and much more. <br />Its uniquely powerful features will make Process Monitor a core utility in <br />your system troubleshooting and malware hunting toolkit.<br /><br />Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP <br />SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of <br />Windows XP, Windows Server 2003 SP1 and Windows Vista.<br />Top of pageTop of page<br />Process Monitor Enhancements over Filemon and Regmon<br /><br />Process Monitor&#39;s user interface and options are similar to those of Filemon <br />and Regmon, but it was written from the ground up and includes numerous <br />significant enhancements, such as:<br />?<br /><br />Monitoring of process and thread startup and exit, including exit status <br />codes<br />?<br /><br />Monitoring of image (DLL and kernel-mode device driver) loads<br />?<br /><br />More data captured for operation input and output parameters<br />?<br /><br />Non-destructive filters allow you to set filters without losing data<br />?<br /><br />Capture of thread stacks for each operation make it possible in many cases <br />to identify the root cause of an operation<br />?<br /><br />Reliable capture of process details, including image path, command line, <br />user and session ID<br />?<br /><br />Configurable and moveable columns for any event property<br />?<br /><br />Filters can be set for any data field, including fields not configured as <br />columns<br />?<br /><br />Advanced logging architecture scales to tens of millions of captured events <br />and gigabytes of log data<br />?<br /><br />Process tree tool shows relationship of all processes referenced in a trace<br />?<br /><br />Native log format preserves all data for loading in a different Process <br />Monitor instance<br />?<br /><br />Process tooltip for easy viewing of process image information<br />?<br /><br />Detail tooltip allows convenient access to formatted data that doesn&#39;t fit <br />in the columna<br /><br />The best way to become familiar with Process Monitor&#39;s features is to read <br />through the help file and then visit each of its menu items and options on a <br />live system.