Basics of Process Monitor and Troubleshooting

Background
Process Monitor (Procmon) is an advanced monitoring tool for Windows that shows real-time
file system, registry and process/thread activity. Procmon is occasionally used for advanced
troubleshooting of PI System products. This article demonstrates how to generate a log file
using Procmon; contact technical support for additional help.

Setting up Process Monitor is very easy – there’s actually no real setup required!

1. Download Process Monitor

2. Extract the .zip file, and run Procmon.exe
3. Click Agree to the EULA screen
4. Process Monitor will start logging automatically

Example use cases

It may be helpful to use Procmon whenever verbose file or registry activity information is
needed. Consider the following examples:
 ProcessBook displays (PDI) and workbook (PIW) files take a long time to load. This
issue may result from accessing a registry key for a specific add-in; Procmon logs all
registry operations and displays registry paths to help track down the issue.
 With Microsoft Office 2007, Excel introduced a ribbon-based UI, which is used by PI
DataLink 4.0 (or later). Since the ribbon-loading is done via the registry, you can
use Procmon to help troubleshoot issues with the PI DataLink ribbon not showing up.
 A program is editing the PI Server on startup, and you need to know what it is and where
it is located. Note this also requires boot logging in Procmon to be enabled
(select Options > Enable Boot Logging; step-by-step instructions with screenshots are
available here).

Use Procmon to generate a log file

1. Download and extract the latest version of Procmon from Microsoft.
2. Run Procmon.exe as administrator.
3. Filter results (select Filter > Filter... or type Ctrl+L). Example filters:
o By process name (for example, "Process Name is excel.exe then Include")
o By registry key of interest (for example, "Path contains LoadBehavior then
Include")
4. Reproduce behavior of interest (open .pdi files that take a long time to open,
open Excel, restart the computer for boot logging, and so on.)
5. Save the log to a file. Select "Events displayed using current filter" (otherwise
the file will be large), select "Native Process Monitor Format (PML)," and specify your
output location.

6. Sometimes it is useful to generate and compare two logs: one with expected
behavior and another with the issue. This would be useful to diagnose a case where, for
example, users experience an issue while admins do not.
7. Zip the PML files to reduce size before transferring.