Search notes:

Sysinternals tool: Procmon / Procmon64

Procmon.exe (or its 64-bit version Procmon64.exe allow to record and display events. Such events are

Interesting keyobard shortcuts

ctrl-T show process tree
ctrl-L manage filters
ctrl-X remove events
ctrl-E Enable/disable event gathering
ctrl-K Shows call stack at the time of the event

Filter rules

The filter rules are stored in the registry under the key HKEY_CURRENT_USER\Software\Sysinternals\Process Monitor
Different filters can be given a name and stored and retrieve. If given such a name, the ilter rules can be ex- and imported into/from a *.PMF file.

Display call stack of an event

Procmon is even able to show the the call stack that lead to an event. This functionality is opened with ctrl-K.
The dialog must be read bottom up.

See also

procexp, the process explorer, and pslist.
Sysinternals

Index

Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 8 attempt to write a readonly database in /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php:78 Stack trace: #0 /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php(78): PDOStatement->execute(Array) #1 /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php(30): insert_webrequest_('/notes/Windows/...', 1738257872, '18.191.236.5', 'Mozilla/5.0 App...', NULL) #2 /home/httpd/vhosts/renenyffenegger.ch/httpsdocs/notes/Windows/tools/Sysinternals/Procmon(77): insert_webrequest() #3 {main} thrown in /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php on line 78