Filemon and Regmon have been replaced by a new application called Process Monitor, which combines the two and adds many new features.
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
It combines two legacy Sysinternals apps, Filemon and Regmon, and adds these features:
- rich and non-destructive filtering
- comprehensive event properties such as session IDs and user names
- reliable process information
- full thread stacks with integrated symbol support for each operation
- simultaneous logging to a file, and much more.
Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
In case you’re new to Filemon and Regmon, what this app can do for you is watch what a program does on your computer. Start Process Monitor first (no installation needed), then set up filters. The easiest way to get started is to drag the sniper scope icon onto another program’s window. Clear the current view by pressing Ctrl-X. Process Monitor will then show you every file that the filtered application reads, writes, creates or deletes, as well as every touch it makes to the registry. This is very helpful if, say, you want to know exactly what your application is doing at any given time.
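An added example, not part of the original post: once a filtered capture has been saved to a file, the same read/write/create/delete and registry breakdown can be computed offline. It assumes the log was saved in CSV format with Process Monitor's default columns and Detail wording; the sample rows and the function names `classify` and `summarize` are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not a real capture) in the assumed default column
# layout of a Process Monitor CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","notepad.exe","4120","CreateFile","C:\Temp\new.txt","SUCCESS","Desired Access: Generic Write, Disposition: OpenIf, OpenResult: Created"
"10:01:02.0000002","notepad.exe","4120","WriteFile","C:\Temp\new.txt","SUCCESS","Offset: 0, Length: 12"
"10:01:02.0000003","notepad.exe","4120","CreateFile","C:\Windows\win.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, OpenResult: Opened"
"10:01:02.0000004","notepad.exe","4120","ReadFile","C:\Windows\win.ini","SUCCESS","Offset: 0, Length: 92"
"10:01:02.0000005","notepad.exe","4120","RegQueryValue","HKCU\Software\Microsoft\Notepad\iWindowPosX","SUCCESS","Type: REG_DWORD, Length: 4, Data: 120"
"10:01:02.0000006","notepad.exe","4120","RegOpenKey","HKCU\Software\Example","NAME NOT FOUND","Desired Access: Read"
"10:01:02.0000007","notepad.exe","4120","SetDispositionInformationFile","C:\Temp\old.txt","SUCCESS","Delete: True"
"10:01:02.0000008","explorer.exe","2044","WriteFile","C:\Temp\other.txt","SUCCESS","Offset: 0, Length: 5"
'''

def classify(operation, detail):
    """Map one event to read/write/create/delete/registry, or None to skip it."""
    if operation.startswith("Reg"):
        return "registry"
    if operation == "ReadFile":
        return "read"
    if operation == "WriteFile":
        return "write"
    # CreateFile covers plain opens too; only OpenResult says a file was made.
    if operation == "CreateFile" and "OpenResult: Created" in detail:
        return "create"
    # Deletion is logged as a disposition change on an already open handle.
    if operation == "SetDispositionInformationFile" and "Delete: True" in detail:
        return "delete"
    return None

def summarize(stream, process_name):
    """Return {category: sorted unique paths} for one process's successful events."""
    touched = defaultdict(set)
    for row in csv.DictReader(stream):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Result"] != "SUCCESS":
            continue
        category = classify(row["Operation"], row["Detail"])
        if category:
            touched[category].add(row["Path"])
    return {category: sorted(paths) for category, paths in touched.items()}

if __name__ == "__main__":
    for category, paths in summarize(io.StringIO(SAMPLE_CSV), "notepad.exe").items():
        print(category, paths)
```

For a saved log, pass `open(path, newline="", encoding="utf-8-sig")` as the stream so a leading byte-order mark, if present, does not end up in the first column name.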
Process Monitor was recently updated on November 3rd, 2009, and you can download it here for free:
Or run it live from the web at any time by going to Start -> Run -> “http://green.cx/procmon.exe” (without quotes) and pressing OK.
If you’re on Vista or Windows 7, just press the Windows key + R to bring up the Run box.
The direct download link is: http://green.cx/procmon.exe