Trace Application Activity with Process Monitor (ProcMon.exe)

Sometimes, an application gives you a generic error that a file or setting is missing or unavailable, but doesn’t give you enough information to identify exactly what it’s trying to open. With this free download from Microsoft, Process Monitor, you can monitor all activity on your computer, including the exact registry keys and files being accessed, and whether or not each access attempt was successful.

Process Monitor replaces FileMon and RegMon (tools made by the SysInternals guys, who are now part of Microsoft) by duplicating the functionality of each. To use it, follow these steps:

1. Download Process Monitor and extract the .ZIP file to a folder.

2. Double-click the ProcMon.exe file to run it. It doesn’t add a shortcut to the Start menu, but you can manually add one.

3. Run the application that’s having a problem, and duplicate the error.

4. Return to Process Monitor. Click the File menu, and then clear the Capture Events check box.

5. Browse the list of events. Right-click any entry with your process name, click Include, and then click Process Name. Now, you can easily see the events that your application created.

6. Look for events with a result other than SUCCESS. To hide the success events, right-click any successful event, click Exclude, and then click Result. Process Monitor shows just those events that had problems.

7. Once you determine the registry key or file that can’t be accessed, replace it (you might copy it from another computer) or, if it’s a security problem, change the permissions so that your application can access it.

If you continue to have problems, you might have more than one unavailable resource. Just repeat these steps to solve the additional problems.