Download and Installation

The Process Monitor (ProcMon) utility by SysInternals has been around since 2006 and does many things apart from diagnosing application issues. It gives visibility into all the registry keys, file system placements, and network traffic. However, it does not capture mouse pointer movements or hardware-related changes. Still, if your objective is to capture malware, identify troublesome applications, or have a high-level overview of your Windows PC, ProcMon is the most advanced tool to have. Download the tool from the official Microsoft link. There is no installation involved, but you have to agree to the SysInternals software license terms while running the .exe file. Let the Process Monitor populate all the events in your Windows system. You don’t have to wait for the process to complete. Any running programs are automatically included in the analysis.

Problem Diagnosis with Windows Process Monitor

When the program populates the details, it can be overwhelming to see so many rows and columns. There are millions of entries. You don’t have to worry about all of them only the following:

Process names Process ID (PID): a four- or five-digit number File pathResult code: either “success” or many other entries, such as “name not found,” “Reparse,” etc.

To get quickly to the troublesome applications, go to “Tools -> Process Tree.” The dashboard will be populated with all the open and running applications in your system. A complete green block in the “Life Time” column usually indicates no issues within the concerned application. If your programs and Windows 10 system are updated, many of the registry errors and file health issues will not give you any trouble. For updated related issues, you can use another utility called SetUpDiag. Scroll down to the problem event and click “Go to Event” to navigate to the issue. In the following screen, ProcMon had diagnosed many problems with QQ Browser by Tencent. I noticed a process ID (“3428”) by its .exe file. Once the problem source is identified, you need to use an option called “Filters.” By right-clicking and adding the filter “Include” for a specific file executable, you focus on only one specific application. Go one step down and apply the filter. Depending on the number of entries, it may take a little while. There were thousands of entries for this filter. You can also exclude certain results such as “Success” or “Buffer Overflow,” as they indicate no trouble with the application. This will narrow down the search even further. Now focus on the most common result code for the troublesome application. For a complete list of result codes, user Lowell Vanderpool has compiled them in this link between pages 7 and 9. The issue “Name not found” was the most common problem here with thousands of entries, which means the caller tried to open an object which does not exist. In other words, there was something wrong with the installation itself. Thus, we have diagnosed the root of the problem.

Final Troubleshooting

Here we will show the final troubleshooting for the above program. Before solving the diagnosed issue which requires uninstalling, you may want to save the ProcMon file from “File -> Save” so that you can look at the concerned problems in the future. Saving the file also gives you the filter presets you just created. If you want to go back to the default settings, click “Reset.” As shown here, the program needs to be uninstalled because of many missing DLL files. Uninstalling the program isn’t always easy, so ProcMon has a right-click option called “Search online.” It led me to an Uninstall screen. Clicking the uninstaller removed the program completely. The uninstallation step is a nuclear option but works with programs which have too many file-missing issues. When I opened ProcMon again with the same filter presets, the issue with Tencent’s QQ Browser was no longer captured. You can use Windows Process Monitor to diagnose Windows application errors and solve the issues. It requires just a little practice to identify the major problem source. If your Windows is causing a 100% CPU usage error instead, check out the solutions here to fix it. We also have solutions for a Bad System Config Info error.