Process Monitor and Process Explorer Rock!

Process Monitor by SysInternals (owned by Microsoft) (not to be confused with Process Explorer) is a rewrite from the ground up of Regmon and FileMon. It combines the features or RegMon, FileMon, and adds Processes and Threads as well. It will aggregate the data in the trace, so you can see stuff like which process is accessing the disk/registry the most. Furthermore, you can add advanced filters such as monitoring a particular regkey, file, process, etc. Finally, the best part is that once you see a *problem*, you can get the thread *stack* (both kernel mode and usermode) of the process that is accessing that resource... how cool is that?! This requires the Debugging Tools for Windows to be installed and symbols, but that is easily done.

Process Explorer rocks as well because it can show you the current function calls that each of the threads of your process are one. For example, when Outlook is hung, you can see its current thread stacks (requires the Debugging Tools for Windows to be installed). Unfortunately, I can’t seem to get it to use my symbols path properly to make this feature more effective. In any case, it has information on just about anything you want to know about process.