Boot logging is one of my favorite features in Procmon. But after upgrading to Windows 10, I found this function does not always work.
Unable to write PROCMON23.sys.
Make sure that you have permission to write to the %SystemRoot%\System32\Drivers directory.
To work this out, we need to:
1. Delete %SystemRoot%\System32\Drivers\PROCMON23.sys. You may not be able to delete this file from the currently running OS, but you can do this in WinPE.
2. Important! Start Procmon with the following command:
C:\procmon\Procmon /BackingFile C:\procmon\log.pml /AcceptEula /Quiet /noconnect
3. Now, it works!
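The two steps above, as an added PowerShell pre-flight script (not part of the original post, and not a Sysinternals tool). It assumes Procmon is extracted to C:\procmon as in the post; the driver path and the command-line switches are the ones quoted above. It first looks for the stale PROCMON23.sys, including the case where it carries the Hidden attribute, tries to move it aside, and tells you to fall back to WinPE if the running OS refuses; only then does it launch Procmon with the recommended switches.

```powershell
# Added example: check for a stale Procmon boot-logging driver, then launch Procmon
# the way the post recommends. Paths are assumptions; adjust $ProcmonDir to match your layout.
$ProcmonDir  = 'C:\procmon'
$ProcmonExe  = Join-Path $ProcmonDir 'Procmon.exe'
$BackingFile = Join-Path $ProcmonDir 'log.pml'
$Driver      = Join-Path $env:SystemRoot 'System32\Drivers\PROCMON23.sys'

if (-not (Test-Path -LiteralPath $ProcmonExe)) {
    throw "Procmon not found at $ProcmonExe"
}

# -Force is required to see the file when it has the Hidden attribute
# (the comment below the post reports exactly that situation).
$stale = Get-Item -LiteralPath $Driver -Force -ErrorAction SilentlyContinue
if ($stale) {
    Write-Host "Stale driver present: $($stale.FullName) (attributes: $($stale.Attributes))"
    $backupName = 'PROCMON23.sys.old'
    try {
        # If the driver is still loaded, the rename fails with an access/sharing error;
        # that is the case the post solves by deleting the file from WinPE.
        Rename-Item -LiteralPath $Driver -NewName $backupName -Force -ErrorAction Stop
        Write-Host "Renamed stale driver to $backupName"
    } catch {
        Write-Warning "Could not move $Driver aside from the running OS: $($_.Exception.Message)"
        Write-Warning 'Boot into WinPE, delete the file there, then run this script again.'
        return
    }
} else {
    Write-Host 'No stale PROCMON23.sys found; nothing to clean up.'
}

# Launch exactly as the post recommends: explicit backing file, EULA accepted, quiet start,
# and no automatic capture. Procmon needs elevation to load its driver, hence -Verb RunAs.
$procmonArgs = @("/BackingFile `"$BackingFile`"", '/AcceptEula', '/Quiet', '/noconnect')
Start-Process -FilePath $ProcmonExe -ArgumentList $procmonArgs -Verb RunAs
```

After Procmon is running, enable boot logging from its Options menu as usual; the script only clears the obstacle that produced the "Unable to write PROCMON23.sys" error and starts Procmon with a writable backing file outside the Drivers directory.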
Comments
- Anonymous
December 09, 2015
I unhid it and then renamed procmon23.sys. I could then run: C:\procmon\Procmon /BackingFile C:\procmon\log.pml /AcceptEula /Quiet /noconnect and enable logging.