Process Monitor v1.32

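Process Monitor is a real-time monitoring program for Windows. It displays details of the system's current file system, Registry key, process and thread activity as it happens, and it runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1 and Windows Vista, as well as the x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.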

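Process Monitor (see Figure 1) combines the Windows Sysinternals utilities Filemon, Regmon, Pslist and Process Explorer, although it offers fewer process-monitoring features than Process Explorer. Every read or write that a process performs on a file or Registry key is shown by Process Monitor in real time, including the sequence, the time of the read or write, the process ID, the type of read or write, the path, the result and related details, and users can choose which of these to display.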

Figure 1: Process Monitor

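Running Process Monitor requires local administrator privileges. Once started, Process Monitor immediately begins monitoring and, according to its settings, displays details of file system, Registry key, process and thread activity. You will also notice two numbers in the status bar at the lower left of the Process Monitor window that keep increasing: the second is the number of events that have occurred on the system, and the first is the number of events Process Monitor is displaying. From the moment a process or thread starts, Process Monitor shows its activity, including the loading of DLLs or kernel-mode drivers, reads or writes to files or Registry keys, and the result of each activity (whether it succeeded or not); when a process exits, Process Monitor also shows its exit status code.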

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

Download file
