Command Line Options
Process Monitor supports several command line options:
/Openlog <saved PML log file>
Directs Process Monitor to open and load the specified log file.
/Backingfile <log file name>
Has Process Monitor create and use the specified file name as the logging file.
Save events to the paging file.
When this flag is present Process Monitor does not automatically start logging activity.
Clears the filter at startup.
Automatically accepts the license and bypasses the EULA dialog.
Enables the thread profiling event class.
Starts Process Monitor with its window minimized to the task bar.
Wait for an instance of Process Monitor to become ready.
Terminate all instances of Process Monitor and exit.
Don't confirm filter settings on startup.
Uses this switch to run the 32-bit version of Process Monitor on 64-bit Windows to open logs generated on 32-bit systems
This switch, which is available only on 32-bit Vista and Server 2008, has Process Monitor use system-call hooking instead of the Registry callback mechanism to monitor Registry activity, which enables it to see Softgrid virtual Registry operations on these operating systems. This option must be used the first time that Process Monitor is run on a system and should only be used to troubleshoot SoftGrid applications.
/SaveAs, /SaveAs1, /SaveAs2
Use these switches with the /OpenLog switch to have Process Monitor export a log file into CSV, XML, or PML format. The /SaveAs1 option includes stack information for export to XML format and the /SaveAs2 option adds symbol information.
Loads the specified filter and settings file.
and last but not least, when testing APP-V packages you can use the command line:
procmon.exe /externalcapture /noconnect
This is useful as the switch "/externalcapture" retrieves more registry entries than in a normal procmon run. (the "/HookRegistry" switch works only on 64bit systems) - The "/noconnect" starts procmon but without instant capturing.