Process Monitor 4.01 Crashed Using Windows 10 Pro 32-bit

LouK 20 Reputation points
Sep 30, 2024, 8:54 PM

I was using Process Monitor 4.01 on Windows 10 Pro 32-bit with one "include" filter for "foobar2000.exe" (version 2.2 preview 2024-09-11) to check for "File Not Found" errors. There were no other filters added or changed from the defaults.

I let foobar2000.exe run for a few minutes then minimized Process Monitor while checking on a website. About half an hour later, Windows threw up a dialogue window saying Process Monitor crashed and some information was sent to Microsoft. I checked for a DMP file in the hope of seeing what caused the crash, but there is no DMP file for that event.

Is there any way to find out what caused the crash? I don't know if this is a bug in Process Monitor 4.01 or with the Windows installation on this PC. It is a Dell built in 2010, and running Windows 10 Pro 32-bit.

I've used Process Monitor a few times before this crash without issues, but this is the first time I let it run minimized for more than a few minutes. Maybe the length of time it was running caused a problem?

Thanks.

Sysinternals

Accepted answer
  1. Lucas 261 Reputation points
    Oct 2, 2024, 8:59 PM

    Process Monitor will eat up all of your computer memory if you let it run like that, until procmon or your computer crashes.

    Fortunately, you can adjust the settings to prevent this. You have two options:

    1. Store procmon data on the disk rather than in memory
      1. Go to File -> Backing File
      2. Select "Use file named" instead of "Use virtual memory."
      3. Choose a path for the capture files (warning, check that you have enough space available! Do not fill up your system drive!)
      4. Clear events and Restart the capture so that the settings are taken into account.
    2. And/Or you can configure Procmon so that it'll discard the events that don't match your filter (thus, using way less memory/disk space).
      1. Go to Filter -> enable the "Drop Filtered Events" option
      2. Clear the events and Restart the capture.

    By using option 1 and / or 2 you can let procmon run for hours or even days especially if you filter the events properly and enable the "Drop Filtered Events" option.

    1 person found this answer helpful.
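
The two settings from the accepted answer can also be applied from a script, which makes it possible to stop a long capture before the backing file fills the drive. This is an added example, not part of the original answer or of Sysinternals' own material. Assumptions: every path and threshold below is a placeholder, and the `.pmc` file is a configuration exported from the Procmon GUI (File -> Export Configuration) after setting the foobar2000.exe filter and enabling "Drop Filtered Events".

```powershell
# Added example: all paths and limits are assumed placeholders, adjust before use.
param(
    [string]$Procmon     = 'C:\Tools\Procmon.exe',        # assumed install location
    [string]$BackingFile = 'D:\Captures\foobar2000.pml',  # assumed path on a non-system drive
    [string]$Config      = 'C:\Tools\foobar2000.pmc',     # assumed exported configuration
    [int]$MinFreeGB      = 10,                            # stop when free space drops below this
    [int]$MaxMinutes     = 120                            # hard limit on capture duration
)

# Drive letter that will hold the backing file, e.g. "D"
$drive = (Split-Path -Qualifier $BackingFile).TrimEnd(':')
function Get-FreeGB { [math]::Round((Get-PSDrive -Name $drive).Free / 1GB, 1) }

# Refuse to start if prerequisites are missing or the disk is already short on space
if (-not (Test-Path $Procmon)) { throw "Procmon not found at $Procmon" }
if (-not (Test-Path $Config))  { throw "Exported configuration not found at $Config" }
if ((Get-FreeGB) -lt $MinFreeGB) {
    throw "Only $(Get-FreeGB) GB free on ${drive}:, need at least $MinFreeGB GB"
}
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $BackingFile) | Out-Null

# /BackingFile writes events to disk instead of virtual memory (option 1 in the answer);
# /LoadConfig applies the saved filter and settings (option 2 in the answer).
$procArgs = @('/AcceptEula', '/Quiet', '/Minimized',
              '/BackingFile', "`"$BackingFile`"",
              '/LoadConfig',  "`"$Config`"")
Start-Process -FilePath $Procmon -ArgumentList $procArgs

# Poll until the time limit, low disk space, or Procmon exiting on its own
$deadline = (Get-Date).AddMinutes($MaxMinutes)
Start-Sleep -Seconds 5
while ((Get-Date) -lt $deadline -and
       (Get-FreeGB) -ge $MinFreeGB -and
       (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue)) {
    Start-Sleep -Seconds 30
}

# /Terminate asks the running instance to stop capturing and exit cleanly
if (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue) {
    Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
}
Write-Output "Capture stopped; $(Get-FreeGB) GB free on ${drive}:"
```

Run it from an elevated PowerShell prompt, since Process Monitor needs administrative rights to capture.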
