Process Monitor is an incredibly useful tool that will report on just about everything your PC applications are doing: the files they're accessing, Registry keys they're viewing, processes they're launching, and much more.
At its simplest, you can use the program simply to figure out why your hard drive is thrashing, even when you're not at the PC. Just launch Process Monitor, click File > Capture Events (if it's not already listing PC activity), and watch the process names listed on the left hand side. These will tell you which processes are opening and closing files, checking the Registry and so on. If you spot some unnecessary programs, perhaps an application running in the system tray, then removing it should cut any associated activity and speed up the rest of your PC.
Process Monitor is even better when it comes to troubleshooting misbehaving applications. Suppose you're trying to run a program called app.exe, for instance, only it crashes immediately, and you don't know why. What's going on? Run Process Monitor first and it can show you exactly which files and Registry keys that app.exe is looking for. If there's a missing file then you'll see it here; you could also explore the Registry keys it's viewing, just to confirm that any settings are configured correctly.
And if you're a geek who just likes to explore, then Process Monitor can give you hours of fun. Windows applets have many undocumented Registry settings, for instance, offering new ways to customise them - Process Monitor can help you spot these, and many other Windows secrets.
- includes a /runtime switch for terminating monitoring after a specified amount of time
- when in hexadecimal mode shows process tree process IDs in hexadecimal
- fixes a bug in automated boot log conversion