The Options|Show Milliseconds menu entry lets you add millisecond resolution to times presented when FileMon shows clock times. When showing duration the Time field in the output shows the number of seconds it took for the underlying file system to service particular requests. The button on the toolbar shows the current mode with a clock or a stopwatch. The Options menu and the clock toolbar button let you toggle between the two modes. If no line is selected a new search starts at the first entry in searching down, and at the last entry for searching up.įileMon can either timestamp events or show their duration. To start a search at a particular line in the output, select the desired line by clicking on the far left column (the index number).
You can repeat the search in the forward direction with the F3 key and in reverse with Shift+F3. You can search the output window for strings using the Find menu item (or the find toolbar button). A depth of 0 is used to signify no limit. The History Depth dialog, accessed via toolbar button or the Edit|History menu item, allows you to specify the maximum number of lines that will be remembered in the output window. Select the Network menu item to monitor accesses to any network resources, including remote shares and UNC path name accesses to remote volumes. The Volumes menu can be used to select and deselect monitored volumes. In many troubleshooting scenarios only open operations are of interest, for example. Select highlighting colors with Edit|Highlight Colors.Īdditional filter options select or deselect read, write or open operations. Use the highlight filter specify output that you want to have highlighted in the listview output. The include filter "Winword*Windows" would have FileMon only show accesses by Microsoft Word to files and directories that include the word "Windows". Wildcards allow for complex pattern matching, making it possible to match specific file accesses by specific applications, for example.
#Sysinternals filemon windows
Windows NT/2000 note: because of the asynchronous nature of file I/O, its not possible to filter on the result field.įor example, if the include filter is "c:\temp", and the exclude filter is "c:\temp\subdir", all references to files and directories under c:\temp, except to those under c:\temp\subdir will be monitored. Use ' ' to separate multiple strings in a filter (e.g. Only matches shown in the include filter, but that are not excluded with the exclude filter, are displayed. The '*' wildcard matches arbitrary strings, and the filters are case-insensitive. Use the Filter dialog, which is accessed with a toolbar button or the Edit|Filter/Highlight menu selection, to select what data will be shown in the list view. If Filemon's internal buffers are overflowed during extremely heavy activity, this will be reflected with gaps in the sequence number.Įach time you exit FileMon it remembers the filters you've configured, position of the window and the widths of the output columns. To start it with capture disabled use the /o switch on the command-line.Īs events are printed to the output, they are tagged with a sequence number. When FileMon starts it automatically captures file system activity.
To start FileMon without it prompting you specify the /q switch on the command line. If you've specified filters then FileMon will ask you to confirm filters used from the last session each time you start it. Menus, hot-keys, or toolbar buttons can be used to clear the window, select and deselect monitored volumes including network volumes (Windows NT/2K/XP), save the monitored data to a file, and to filter and search output.
When FileMon is started for the first time it will monitor all local hard drives. You must have administrator privilege to run FileMon. If you have questions or problems please visit the Sysinternals Filemon Forum.
#Sysinternals filemon full
It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.įileMon works on NT 4.0, Windows 2000, Windows XP, Windows XP and Windows Server 2003 64-bit Edition, Windows 2003 Server, Windows 95, Windows 98 and Windows ME. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. FileMon is so easy to use that you'll be an expert within minutes. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Copyright © 1996-2006 Mark Russinovich and Bryce CogswellįileMon monitors and displays file system activity on a system in real-time.
0 kommentar(er)
