For debugging purposes it's sometimes necessary to enable the boot logging feature of Sysinternals procmon. But boot logging can only be enabled through the GUI, and it logs only one boot process.

If the system boots multiple times, procmon omits the other boots. So you need to inject procmon just before the boot you want to log is started.

Required files are Procmon.exe and the related procmon24.sys driver. You can get procmon24.sys by starting Procmon on another machine and copying it from the C:\Windows\System32\drivers folder. procmon24.sys is hidden! You can copy the file with xcopy:

C:\> xcopy /h C:\Windows\System32\drivers\PROCMON24.SYS C:\temp

To automate the process, copy all files to a network share.

To inject the procmon driver, the registry must get a driver entry and the driver file must be copied to C:\Windows\System32\drivers. The procmon executables should also be copied, so that boot logging can be stopped and the events saved to a file.

Create a registry file Procmon_boot_winpe_insert.reg within C:\myShare.
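
The staging step described above, as an added example that is not part of the original post. It assumes Procmon.exe sits at the hypothetical path C:\Tools\Procmon.exe, and it adds a signature and hash check that the post does not mention, since the driver will be loaded at boot.

```powershell
# Added example: stage Procmon.exe and the hidden procmon24.sys in C:\myShare.
param(
    [string]$ProcmonExe = 'C:\Tools\Procmon.exe',  # assumption: where Procmon.exe was unpacked
    [string]$Share      = 'C:\myShare'             # share folder named in the post
)
$ErrorActionPreference = 'Stop'
$driver = 'C:\Windows\System32\drivers\PROCMON24.SYS'

# Check both files before anything is copied.
$items = foreach ($path in @($driver, $ProcmonExe)) {
    # -Force is required because the driver carries the Hidden attribute.
    $item = Get-Item -LiteralPath $path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to stage $path, signature status is $($sig.Status)"
    }
    $item
}

New-Item -ItemType Directory -Path $Share -Force | Out-Null

foreach ($item in $items) {
    $target = Join-Path $Share $item.Name
    # Remove an older copy first; it may be hidden and block the overwrite.
    if (Test-Path -LiteralPath $target) {
        Remove-Item -LiteralPath $target -Force
    }
    Copy-Item -LiteralPath $item.FullName -Destination $target -Force

    # Compare hashes so a truncated or swapped copy is caught here.
    $src = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($src -ne $dst) {
        throw "Hash mismatch after copying $($item.Name)"
    }
    # Emit one record per staged file; keep it to re-check the files later.
    [pscustomobject]@{ File = $item.Name; SHA256 = $dst }
}
```

The SHA256 values it prints can be compared again after the driver has been copied to C:\Windows\System32\drivers on the machine to be logged.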