How to Debug Windows Application Errors with Process Monitor

Do you have a Windows 10 application that isn’t working to your expectations? Perhaps it’s too slow, crashes suddenly, or has untold problems that are difficult to pinpoint. One way to get to the root of the issue is to use a free official Microsoft utility called Process Monitor. It helps you diagnose and debug Windows application errors and problems.

Download and Installation

The Process Monitor (ProcMon) utility by SysInternals has been around since 2006 and does many things apart from diagnosing application issues. It gives visibility into registry key accesses, file system activity, and network traffic.

However, it does not capture mouse pointer movements or hardware-related changes. Still, if your objective is to capture malware, identify troublesome applications, or have a high-level overview of your Windows PC, ProcMon is the most advanced tool to have.

Download the tool from the official Microsoft link. There is no installation involved, but you have to agree to the SysInternals software license terms while running the .exe file.

Let the Process Monitor populate all the events in your Windows system. You don’t have to wait for the process to complete. Any running programs are automatically included in the analysis.

Problem Diagnosis with Windows Process Monitor

When the program populates the details, it can be overwhelming to see so many rows and columns. There are millions of entries. You don’t have to worry about all of them, only the following:

  • Process names
  • Process ID (PID): a four- or five-digit number
  • File path
  • Result code: either “success” or many other entries, such as “name not found,” “Reparse,” etc.

To get quickly to the troublesome applications, go to “Tools -> Process Tree.”

The dashboard will be populated with all the open and running applications in your system. A complete green block in the “Life Time” column usually indicates no issues within the concerned application. If your programs and Windows 10 system are updated, many of the registry errors and file health issues will not give you any trouble. For update-related issues, you can use another utility called SetUpDiag.

Scroll down to the problem event and click “Go to Event” to navigate to the issue. In the following screen, ProcMon had diagnosed many problems with QQ Browser by Tencent. I noticed a process ID (“3428”) by its .exe file.

Once the problem source is identified, you need to use an option called “Filters.” By right-clicking and adding the filter “Include” for a specific file executable, you focus on only one specific application.

Go one step down and apply the filter. Depending on the number of entries, it may take a little while. There were thousands of entries for this filter.

You can also exclude certain results such as “Success” or “Buffer Overflow,” as they indicate no trouble with the application. This will narrow down the search even further.

Now focus on the most common result code for the troublesome application. For a complete list of result codes, user Lowell Vanderpool has compiled them in this link between pages 7 and 9. The issue “Name not found” was the most common problem here with thousands of entries, which means the caller tried to open an object which does not exist. In other words, there was something wrong with the installation itself. Thus, we have diagnosed the root of the problem.
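
The same include/exclude filtering can be repeated offline on a capture saved as CSV. The script below is an added example, not part of the original article; it assumes the default ProcMon column set (Time of Day, Process Name, PID, Operation, Path, Result, Detail), and the process name, PID and paths in the sample are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in the default ProcMon CSV column layout.
# Process names, PIDs and paths are made up for this example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","example.exe","3428","CreateFile","C:\Program Files\Example\helper.dll","NAME NOT FOUND",""
"10:01:02.2000000","example.exe","3428","CreateFile","C:\Program Files\Example\helper.dll","NAME NOT FOUND",""
"10:01:02.3000000","example.exe","3428","RegOpenKey","HKCU\Software\Example\Settings","NAME NOT FOUND",""
"10:01:02.4000000","example.exe","3428","ReadFile","C:\Program Files\Example\example.exe","SUCCESS",""
"10:01:02.5000000","example.exe","3428","RegQueryValue","HKLM\Software\Example\Version","BUFFER OVERFLOW",""
"10:01:02.6000000","example.exe","3428","CreateFile","C:\Program Files\Example\data","REPARSE",""
"10:01:02.7000000","other.exe","1200","CreateFile","C:\Temp\x.tmp","NAME NOT FOUND",""
"10:01:02.8000000","example.exe","3428","CreateFile","C:\Program Files\Example\render.dll","NAME NOT FOUND",""
'''

# Results the article excludes because they indicate no trouble.
BENIGN = {"SUCCESS", "BUFFER OVERFLOW"}


def triage(csv_text, process_name, exclude=BENIGN):
    """Include one process, drop benign results, and return
    (count per result code, count per path for the most common result)."""
    results = Counter()
    paths = {}
    # Strip a UTF-8 byte order mark if the export starts with one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if row["Process Name"].lower() != process_name.lower():
            continue  # equivalent of the "Include" filter on the executable
        result = (row["Result"] or "").strip().upper()
        if not result or result in exclude:
            continue  # equivalent of the "Exclude" filter on the result
        results[result] += 1
        paths.setdefault(result, Counter())[row["Path"]] += 1
    if not results:
        return results, Counter()
    top_result = results.most_common(1)[0][0]
    return results, paths[top_result]


if __name__ == "__main__":
    counts, top_paths = triage(SAMPLE_CSV, "example.exe")
    for result, n in counts.most_common():
        print(f"{n:5d}  {result}")
    print("Paths behind the most common result:")
    for path, n in top_paths.most_common():
        print(f"{n:5d}  {path}")
```

For a real capture, read the exported file with `open(path, encoding="utf-8-sig").read()` and pass the text to `triage()`.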

Final Troubleshooting

Here we will show the final troubleshooting for the above program. Before solving the diagnosed issue, which requires uninstalling, you may want to save the ProcMon file from “File -> Save” so that you can look at the concerned problems in the future.

Saving the file also gives you the filter presets you just created. If you want to go back to the default settings, click “Reset.”

As shown here, the program needs to be uninstalled because of many missing DLL files. Uninstalling the program isn’t always easy, so ProcMon has a right-click option called “Search online.” It led me to an Uninstall screen.

Clicking the uninstaller removed the program completely.

The uninstallation step is a nuclear option but works with programs which have too many file-missing issues.

When I opened ProcMon again with the same filter presets, the issue with Tencent’s QQ Browser was no longer captured.

You can use Windows Process Monitor to diagnose Windows application errors and solve the issues. It requires just a little practice to identify the major problem source.

If your Windows is causing a 100% CPU usage error instead, check out the solutions here to fix it. We also have solutions for a Bad System Config Info error.

Sayak Boral

Sayak Boral is a technology writer with over ten years of experience working in different industries including semiconductors, IoT, enterprise IT, telecommunications OSS/BSS, and network security. He has been writing for MakeTechEasier on a wide range of technical topics including Windows, Android, Internet, Hardware Guides, Browsers, Software Tools, and Product Reviews.

2 comments

  1. Is there any way to use PM to find the cause of a BSoD?
    (btw: “ebug” in your url was probably meant to be “debug”).
    Very informative article – thanks!

    1. Thanks for your comment. Yes, if the BSOD is due to a corrupted registry, you can use ProcMon to diagnose the issue. To capture all the boot-related events, go to Options > Enable Boot Logging, and restart the computer. Try to notice any registries that were corrupted. Again for this, you will have to go to Tools -> Process Tree. You can also use ProcMon to solve a slow boot problem.

      But, BSOD can also be fixed using startup repair of corrupted registry and any driver issues.
      https://www.maketecheasier.com/blue-screen-of-death-windows/
