Command Line Options
Process Monitor supports several command line options:
/Openlog <saved PML log file>
Directs Process Monitor to open and load the specified log file.
/Backingfile <log file name>
Has Process Monitor create and use the specified file name as the logging file.
/Pagingfile
Save events to the paging file.
/Noconnect
When this flag is present Process Monitor does not automatically start logging activity.
/Nofilter
Clears the filter at startup.
/AcceptEula
Automatically accepts the license and bypasses the EULA dialog.
/Profiling
Enables the thread profiling event class.
/Minimized
Starts Process Monitor with its window minimized to the task bar.
/WaitForIdle
Wait for an instance of Process Monitor to become ready.
/Terminate
Terminate all instances of Process Monitor and exit.
/Quiet
Don't confirm filter settings on startup.
/Run32
Uses this switch to run the 32-bit version of Process Monitor on 64-bit Windows to open logs generated on 32-bit systems
/HookRegistry
This switch, which is available only on 32-bit Vista and Server 2008, has Process Monitor use system-call hooking instead of the Registry callback mechanism to monitor Registry activity, which enables it to see Softgrid virtual Registry operations on these operating systems. This option must be used the first time that Process Monitor is run on a system and should only be used to troubleshoot SoftGrid applications.
/SaveAs, /SaveAs1, /SaveAs2
Use these switches with the /OpenLog switch to have Process Monitor export a log file into CSV, XML, or PML format. The /SaveAs1 option includes stack information for export to XML format and the /SaveAs2 option adds symbol information.
/LoadConfig
Loads the specified filter and settings file.
and last but not least, when testing APP-V packages you can use the command line:
procmon.exe /externalcapture /noconnect
This is useful as the switch "/externalcapture" retrieves more registry entries than in a normal procmon run. (the "/HookRegistry" switch works only on 64bit systems) - The "/noconnect" starts procmon but without instant capturing.
Happy capturing!
Comments