Defrag Tools: #4 - Process Monitor - Examples

Play Defrag Tools: #4 - Process Monitor - Examples

The Discussion

  • User profile image

    really enjoy these videos, I used these Tools alot when working for Microsoft PYPC support and they are very usefull when you get to really know them Smiley

  • User profile image

    Would be terrific if the SysInternals tools came with source code. Or at least if there were source code snippets in the SysInterals books that Mark publishes.


  • User profile image

    At about 7:00 in, Larry asks what the "SuperHidden" registry setting is for, under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.

    In Microsoft parlance, "super hidden" files are files which have both the System and Hidden file system attributes set. By default they are hidden from view, even if you've chosen to show hidden files. If for some reason you really want to see them, you can change this setting through the Explorer UI by going to Tools/Folder Options/View, and unchecking "Hide protected operating system files (Recommended)."

    However, the registry value that actually changes when you do this is called "ShowSuperHidden"! So, what's "SuperHidden" for?

    Well, as it turns out... it's a bug. It's been fixed in Windows 8, and "SuperHidden" is gone. There's only "ShowSuperHidden" now. Smiley

  • User profile image

    [01:08] - Finding the Registry keys of the Explorer 'Folder Options' dialog

    this can be done much, much easier with RegFromApp:

     Generic Comment Image

    Run it, select the Explorer.exe, change the value and save the data as .reg file Smiley

    [19:25] - Analyzing the boot log

    xbootmgr and xperfview are still the better tools for boot tracing. Generate the summary
    Generic Comment Image

     to see how long Windows boots. And here you can easily see what is slow. Here it is WinLogonInit which starts services, restore network connections, runs Group policies and logs on the user to the system.

  • User profile image

    @MagicAndre1981: xperf is scheduled for a future episode. And yes, I agree that it allows you to go deeper. ProcMon does do a very good job though of presenting information required to get an idea of what is happening.

  • User profile image
    Tom Hall

    Guys - I've been following your Sysinternals Tools show ...

    This is the 1st time I've fired-up ProcMon on my current installation (Win8_RP_x64)
    I followed through your 1st example about the Advanced Explorer settings etc (and it worked),
    But after that, I needed some relaxation, so I fired-up Crysis (under Steam), and was hit by errors including "check internet access", "unable to contact license server"

    I run Norton 360, and all the other programs I've tried have managed to access the internet Ok

    I've checked the Steam User's forums, and there appears to be a suspicion that ProcMon makes Crysis think there's "malware" so it won't run

    Anay comments folks ?

    ps. Crysis2 works fine

  • User profile image

    Best procmon tip:  filter on 'category contains write' to see registry and file changes.  Too bad you can't export to a .reg file.

    I wish there was a column called 'total disk seek distance'.


  • User profile image

    @Tom Hall: Procmon may indeed be looked for by crysis. Some games don't like you looking at the I/O operations as they think you are trying to hack the game. All you can do iscrebiit (to unload the driver) and then play the game. Smiley

  • User profile image


    Very interesting but  bit too deep for me to fully understand and use.

    I am running W7 Home premium and something is turning on the Speaker/Headphones (I normally have them muted and use the Microsoft control to turn them on and off). As I am booting a speaker symbol with a white scale opens on the screen and unmutes the speaker/headphones. I used Process Monitor to make a boot log but can't seem to find out what is un-muting the speakers.

    I have watched the videos several times but they move so fast and my knowledge is very limited so I get lost.

    Can you give me some tips on what to look for so I can track this event down.

    I would be glad to upload my bootlog file if that would help!

    Thanks in advance for your help and guidance!






Add Your 2 Cents