.NET Zone is brought to you in partnership with:

I’ve been a Windows developer since 3.0 and caught the Visual Basic wave early with v1. I’ve released a “production” application in every version of VB since then (except VB for DOS). Focusing on enterprise, line-of-business development I’ve built Call Center Applications, Mortgage finance systems, Customer Relationship Management tools and more recently I’ve been in the Litigation Support/Electronic Data Discovery/Electronically Stored Information space. Greg is a DZone MVB and is not an employee of DZone and has posted 477 posts at DZone. You can read more from them at their website. View Full User Profile

Using Process Monitor to Solve Nearly Any Problem

  • submit to reddit

benjamin perkins - Using Process Monitor to solve any problem, including DebugDiag

I attended TechReady15 and took part in a session from Mark Russinovich, the creator of Process Monitor and many if not all of the System Internals tools.  He mentioned that there is no problem which Process Monitor cannot be used to help resolve. I put that to the test when I received the error message, Figure 1, from DebugDiag while trying to analyze a memory dump.


Figure 1, DebugDiag error, ShellExecute failed to display the report.  The returned code was 2.

I started up Process Monitor and reproduced the issue.  In the amount of time it took to reproduce the error, Process Monitor had logged 100,000s of events.  No problem, this is where the filtering comes in handy.  Figure 2 illustrates the filter I used to reduce the events to just those used by the DebugDiag process.  You can get to the filter window by clicking on the filter icon, circled in red in Figure 2, selecting Filter -> Filter… or by pressing CTRL + L.


Not bad, I have been able to reduce the number of events from half a million to 17.  By default, User Name is not added to the column list.  Right-click on the column and I can see which credentials are being used and are receiving the ACCESS DENIED error.  I was using my own credentials which did not have the required rights to create the required files.


I opened DebugDiag as an administrator as shown in Figure 5 and the issue did not happen anymore.

Figure 4, DebugDiag, Run as administrator

I recommend adding Process Monitor to your skill set as you can troubleshoot and resolve a lot of problems with it…even on your own machine…


Nice kind of recursive example of using Processing Monitor to debug a debug tool...

Related Past Post XRef: 
The “Windows Sysinternals Primer: Process Explorer, Process Monitor, and More” from TechEd 2010 North America 
Sysinternals 101 – “Notes from the field,” a quick intro to a few Sysinternals utilities (Process Explorer, TCPView, Process Monitor, VMMap) 
Hands On Learning How to Use the Sysinternals Process Monitor Utility

Use the Sysinternals Utilities? The EULA bug dialog you? Then try this…

Sysinternals Update Day – Including new major release of Process Monitor (think PM + Network Monitoring = v2) 
It’s a new Sysinternals Tool Day! RAMMap v1.0 released 
New Sysinternals utility released today, Disk2vhd v1.0 – Yes, creating a VHD from a physical hard drive, even an online one, is now a couple clicks away…

The latest Sysinternals utilities are just a URL away, Live.Sysinternals.com 
A handy PowerShell script to keep your Sysinternals Suite up to date

It's a sweet suite! Windows Sysinternals Suite gets a summer refresh [August 3, 2012]... 
Sysinternals Suite 2010 Refreshed - All the latest versions, one 12.4MB zip… 
Sysinternals Suite Refreshed – All the latest Sysinternals Utilities, one tiny zip (well 10MB zip…) 
Sysinternals Suite (8MB of Complete Sysinternals Goodness)

Published at DZone with permission of Greg Duncan, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)