
ProcMon command line switches including the hidden capture switch

Command Line Options

Process Monitor supports several command line options:

/Openlog <saved PML log file>

Directs Process Monitor to open and load the specified log file.

/Backingfile <log file name>

Has Process Monitor create and use the specified file name as the logging file.

/Pagingfile

Save events to the paging file.

/Noconnect

When this flag is present Process Monitor does not automatically start logging activity.

/Nofilter

Clears the filter at startup.

/AcceptEula

Automatically accepts the license and bypasses the EULA dialog.

/Profiling

Enables the thread profiling event class.

/Minimized

Starts Process Monitor with its window minimized to the task bar.

/WaitForIdle

Wait for an instance of Process Monitor to become ready.

/Terminate

Terminate all instances of Process Monitor and exit.

/Quiet

Don't confirm filter settings on startup.

/Run32

Use this switch to run the 32-bit version of Process Monitor on 64-bit Windows to open logs generated on 32-bit systems.

/HookRegistry

This switch, which is available only on 32-bit Vista and Server 2008, has Process Monitor use system-call hooking instead of the Registry callback mechanism to monitor Registry activity, which enables it to see SoftGrid virtual Registry operations on these operating systems. This option must be used the first time that Process Monitor is run on a system and should only be used to troubleshoot SoftGrid applications.

/SaveAs, /SaveAs1, /SaveAs2

Use these switches with the /OpenLog switch to have Process Monitor export a log file into CSV, XML, or PML format. The /SaveAs1 option includes stack information for export to XML format and the /SaveAs2 option adds symbol information.

/LoadConfig

Loads the specified filter and settings file.

 

And last but not least, when testing App-V packages you can use the command line:

 

procmon.exe /externalcapture /noconnect

 

This is useful because the "/externalcapture" switch retrieves more registry entries than a normal procmon run (the "/HookRegistry" switch works only on 64-bit systems). The "/noconnect" switch starts procmon without capturing immediately.
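The switches listed above can be chained into an unattended capture, for example to record what an installer or a program under analysis touches and export the result for review. The script below is an added example, not part of the original post; the Procmon path, the output folder and the workload executable are assumptions to replace with your own.

```powershell
# Added example: scripted Process Monitor capture using only switches listed on this page.
# Assumptions (not from the original post): Procmon location, output folder, workload path.
param(
    [string]$Procmon  = 'C:\Tools\Procmon.exe',          # assumed install path
    [string]$OutDir   = 'C:\Temp\procmon',               # assumed output folder
    [string]$Workload = 'C:\Temp\setup-under-test.exe'   # hypothetical program to observe
)

$ErrorActionPreference = 'Stop'
if (-not (Test-Path $Procmon))  { throw "Procmon not found at $Procmon" }
if (-not (Test-Path $Workload)) { throw "Workload not found at $Workload" }
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml   = Join-Path $OutDir "capture-$stamp.pml"
$csv   = Join-Path $OutDir "capture-$stamp.csv"

# 1. Start logging into a backing file: no EULA dialog, no filter prompt, minimized.
#    This instance keeps running, so do not wait on it.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`""
)

# 2. Block until the capturing instance reports that it is ready.
Start-Process -FilePath $Procmon -ArgumentList '/WaitForIdle' -Wait

try {
    # 3. Run the program whose file and registry activity should be recorded.
    Start-Process -FilePath $Workload -Wait
}
finally {
    # 4. Always stop every Procmon instance so the backing file is closed,
    #    even if the workload failed to start.
    Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
}

# 5. Reopen the saved log and export it to CSV for grep, Excel or SIEM import.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/OpenLog', "`"$pml`"", '/SaveAs', "`"$csv`""
) -Wait

if (-not (Test-Path $csv)) { throw "Export failed: $csv was not created" }
Get-Item $pml, $csv | Select-Object Name, Length
```

Run it from an elevated prompt, since Process Monitor needs administrative rights to capture.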

 

Happy capturing!

