Using Process Explorer...

I'm trying to use Process Explorer to capture and then examine all registry reads and/or rights by a single process. How do I go about displaying only those reads/writes to a process that begins with "fred"? I'm sure I'm going to use Filters, but how specifically?

Thanks!

Ross

Thank you for wasting my time... I see you got through the filter...

"Brontosaurus Burger AKA Vista!" <> wrote in message news:493951c4$...
> Fred no... Frank possible though.. just apply the "douche bag" filter and
> you will see Franks processes.

In article <POb_k.4254$>,
says...>
> I'm trying to use Process Explorer to capture
> and then examine all registry reads and/or rights by a single process.

> How do I go about displaying only those reads/writes to a process that
> begins with "fred"? I'm sure I'm going to use Filters, but how
> specifically?
>

You definitely wanted to say Process Monitor ( ProcMon.exe ),
follower and union of FileMon and RegMon.
Because Process Explorer ( ProcExp.exe ) is counterpart to task manager.

Run ProcMon and filter dialog displays.
Using filters is quite strait forward:

ProcessName begins with fred include
Event class is registry include
Operation is RegSetValue include
Operation is RegQueryValue include
( more operations possible )

You will learn quicly by browsing items and their possible values.

In article <MPG.23a3a3b66491e1b09896ab@127.0.0.1>,
says...>
>
> You definitely wanted to say Process Monitor ( ProcMon.exe ),
> follower and union of FileMon and RegMon.
> Because Process Explorer ( ProcExp.exe ) is counterpart to task manager.
>
> Run ProcMon and filter dialog displays.
> Using filters is quite strait forward:
>
> ProcessName begins with fred include
> Event class is registry include
> Operation is RegSetValue include
> Operation is RegQueryValue include
> ( more operations possible )
>
> You will learn quicly by browsing items and their possible values.

Easier way is set default ( or reseted ) setting,
and by right clicking chosing includes to filter.

In both ways the approach is this:
when no includes are present,
all but excluded items are displayed.

when includes are present,
only included but excluded items are listed.

So I tried the below, have got an empty screen when I okayed the filter the first time. I tried it again and got an Out Of Memory error.

Ross

"Poutnik" <> wrote in message news:MPG.23a3a3b66491e1b09896ab@127.0.0.1...
> In article <POb_k.4254$>,
> says...>
>> I'm trying to use Process Explorer to capture
>> and then examine all registry reads and/or rights by a single process.
>
>> How do I go about displaying only those reads/writes to a process that
>> begins with "fred"? I'm sure I'm going to use Filters, but how
>> specifically?
>>
>
> You definitely wanted to say Process Monitor ( ProcMon.exe ),
> follower and union of FileMon and RegMon.
> Because Process Explorer ( ProcExp.exe ) is counterpart to task manager.
>
> Run ProcMon and filter dialog displays.
> Using filters is quite strait forward:
>
> ProcessName begins with fred include
> Event class is registry include
> Operation is RegSetValue include
> Operation is RegQueryValue include
> ( more operations possible )
>
> You will learn quicly by browsing items and their possible values.

"Ross M. Greenberg" <> wrote in
news:0rh_k.4298$:

> So I tried the below, have got an empty screen when I okayed the
> filter the first time. I tried it again and got an Out Of Memory
> error.
>
> Ross

Aha ha ha ha ha ha .....

I was wondering how long it would take MS to completely ruin some of the
SysInternals utilites they purchased........

That just goes to prove a point. Some 3rd party developers are far more
capable programming for Windows that actual MS programmers themselves.

Seeing as they hired the author as well as buying the software, any failings
can still be attributed to him. Having met Mark, I doubt he would allow
anyone to cripple his software.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org
My thoughts http://rick-mvp.blogspot.com

"DanS" <> wrote in message
news:Xns9B6BC06713F25thisnthatroadrunnern@85.214.1 05.209...
> "Ross M. Greenberg" <> wrote in
> news:0rh_k.4298$:
>
>> So I tried the below, have got an empty screen when I okayed the
>> filter the first time. I tried it again and got an Out Of Memory
>> error.
>>
>> Ross
>
> Aha ha ha ha ha ha .....
>
> I was wondering how long it would take MS to completely ruin some of the
> SysInternals utilites they purchased........
>
> That just goes to prove a point. Some 3rd party developers are far more
> capable programming for Windows that actual MS programmers themselves.