How to Install & Use Process Monitor (ProcMon) - to gather data about loading CTD's

[Tellos Athenaios]

A guide to installing and using Process Monitor, a very helpful tool in tracking down the files (or lack thereof) that cause loading CTD's. This program collects data about programs which can be filtered to include or exclude certain sources.

===========================================================


Part one, or "how to install Process Monitor":

Step 1) Downloading.
Use this link: http://www.microsoft.com/technet/sys...ssmonitor.mspx

Scroll down till you see:

Left click it, and select save:

Step 2) 'Installing' it.
Easy, really easy. You don't have to; you can run it straight from the pack. To do so, run the application (the .exe file) you find in the compressed folder (the .zip file) you just downloaded:

You may receive some warnings:

&

If so, select "Run" every time.

===========================================================


Part two, or "your first attempt at running Process Monitor":

Process Monitor collects the data of ALL running programs on your PC. The key to turning loads of meaningless pieces of text on your screen into an error log that makes sense, is to apply filters. This section will guide you through the process of setting up a filter - and a filter you can use for tracking down EB bugs at that!

Step 1) Defining a filter.
The first thing Process Monitor does when you start it, is to prompt you with a window to apply filters:

Convenient, isn't it?

First, select the type of 'tag' you wish to filter by. Do you want to filter by path, process name or...?
In this case you should select "Process Name":

Next, select the desired relationship.
In this case you should select "is not".

Next, insert the name of the 'tag' you are filtering by.
In this case you are filtering by Process Name. You should enter "RomeTW.exe".

Now it should look like:

Click "Add".

Now it should look like:

Left click "Apply" and next left click "OK".

Step 2) The Registry Activity Button.

In the case of testing things for EB; you would want this to be turned off. In most other cases you would want so too.
To turn it off left click this button (the left-most of the three):

Now it should look like:

Step 3) Save your filter set-up

Left click "Filter", and select "Save":

Enter a name for your filter, for example:

Left click "OK".

Step 4) Run EB

Run EB, and recreate the loading CTD you experienced, while keeping Process Monitor running in the background. Needs no further explanation, I'd say.

Step 5) After recreating the CTD

Wait a bit, 'till you've seen some entries which state that the proces was closed. Then, press Ctrl+E. This will make the program quit capturing new events.

Next, copy paste the last few lines before the lines which say that the Process RTW.exe was closed; and post them with your bugreport!

Should you wish to reload EB: press Ctrl+X in Process Monitor, to clear the screen; and press Ctrl+E to resume capturing new events.

===========================================================


Part three, or "next time":

The next time you run Process Monitor you'll see the filter window again:

This time you don't have to bother with setting up a filter: simply left click "OK" and you are on your way.

(Note: Minor typo edits by Kull)