If not you should be able to just start procmon.Ħ. If you have already started procmon before doing these changes, you will need to restart the machine. You will have to uncheck "inherit permissions" in order to be able to set them at the Process Monitor Instance level.ĥ. Reason being that procmon will try to change its value back right away. You must also set the security on the "Process Monitor Instance" key and add deny rights for everyone for "delete" and "set value". Change the Altitude value to 45100 (which will show you virtually everything that is happening on the machine).Ĥ. Navigate to the HKML\System\CurrentControlSet\Services\PROCMON20\Instances\Process Monitor Instance key.ģ. This key location can change with each version of ProcMon, so check to see where it is.Ģ. Note, the following example assumes that the ProcMon registry data lives in a folder called PROCMON20. To change the altitude of procmon you will want to do the following steps (after installing Procmon, which is usually nothing more than putting it on the machine and running it once). In doing so we will be able to see all of the activity that we want from any filter driver including Unidesk. You need to change the "Altitude" that procmon will run, putting it lower in the filter stack.
0 kommentar(er)
