作为Windows用户，在某些时候，您确实会担心机器的速度。这可能与您的系统在登录时的响应速度或完成日常任务的运行速度有关。要准确查找 PC 上运行的程序在做什么，您需要安装一个监控工具，这就是Sysinternals Process Monitor工具的用武之地。

使用 Process Monitor^{(Use Process Monitor)}测量重启和登录时间

尽管有多种Windows 监控工具^{(monitoring tools for Windows)}，但Process Monitor提供了高级诊断并解决了各种故障排除方案。它的开发目的是从系统启动阶段开始监控系统，并提供有用的信息，例如：

• 系统显示登录屏幕所需的时间
• 用户输入凭据所需的时间
• 系统启动资源管理器所需的时间
• 系统将桌面设置为就绪状态所需的时间（桌面^(Desktop)处于就绪状态表示Windows已启动其大部分服务和进程，用户可以开始与各种应用程序交互而无需等待忙碌的光标标志)

进程监视器^{(Process Monitor)}的特点如下：

• 显示和记录实时文件系统、注册表^(Registry)和进程/线程活动
• 它可以通过在实时模式下运行来记录启动时间
• 使用Process Monitor，您可以过滤、搜索和创建有关系统和注册表活动的报告
• 系统^(System)管理员的故障排除工具
• 恶意软件搜索

如何开始使用进程监视器

• Process Monitor不需要安装。您必须下载一个 zip 存档。解压缩文件后，您可以运行Procmon.exe来启动应用程序。
• 首次运行该工具时，将要求用户接受最终用户许可协议^{(End User License Agreement)}( EULA )。一旦被接受，它将永远不会再次显示在相同的配置文件中。
• 只需^(Simply)使用右键单击选项将工具固定到任务栏。只需单击一下即可轻松启动进程监视器。^(Process)

进程监视器用户界面^{(Process Monitor User Interface)}

UI 窗口一打开，该工具就会开始捕获有关注册表^(Registry)、文件^(Files)和Process/Thread活动的信息。UI 让您想起包含大量信息的电子表格。用户可以应用过滤器对收集的数据进行排序。

您将在主窗口中看到不断增长的进程​​列表，其中包含分类在几个有用标题下的信息。

如何使用进程监视器记录^{(Process Monitor)}重启周期^{(Reboot Cycle)}跟踪

请按照以下步骤跟踪系统的重新启动周期：

从解压缩的文件夹中找到名为“ProcMon”的文件并单击。

看到 Process Monitor Filter 界面后，单击“Reset”按钮将过滤器重置为默认值，然后单击“OK”按钮。

现在，单击文件菜单中的Capture按钮以停止当前的实时跟踪，如下所示：

注意：^{(Note: )}建议从跟踪中过滤一些在分析重新启动和登录时不需要的事件，并将跟踪减少到非常小的大小。下面提到的是过滤掉不需要的事件的过程。

在ProcMon图标栏上取消选择以下事件类别：

1. 显示网络事件
2. 显示文件系统活动
3. 显示注册表活动

   

现在关闭进程^(Process)监视器并重新启动计算机。

如果您希望节省磁盘空间，请在系统启动后登录，现在，启动进程监视器^{(Process Monitor)}并停止它。保存跟踪。这将确保不会消耗过多的磁盘空间。

因此，这是关于我们如何使用Process Monitor记录跟踪。现在，让我们看看如何分析这个踪迹。

阅读^(Read)：在 Windows 中测量引导或启动时间的免费软件^{(Freeware to measure Boot or Startup Time in Windows)}。

如何使用Process Monitor分析重启周期跟踪^{(Process Monitor)}

• 系统启动后，登录并启动 Sysinternals 的进程监视器。
• 现在如上所述重置过滤器，然后单击确定。
• 一个对话框将要求您保存当前跟踪。将跟踪保存在文件夹中。
• 现在，此引导跟踪将可用，甚至显示在Process Monitor中。
• 接下来，单击“工具”，然后单击“进程树”。
• 在这里，单击最左侧列中的第一项“空闲”，并在时钟上记录时间。
• 再次^(Again)单击“工具”，然后单击“进程树”。在最左侧查找选项“Logonui.exe”并单击它，同时注意如下所示的时钟时间。

  

空闲时间和 Logonui.exe 时间之间的记录时间之间的差异是计算机启动和登录凭据之间的时间间隔。  ^{(The difference between both the noted time that is between Idle time and Logonui.exe time is the time gap between computer startup and logon credentials.  )}

以上解释了如何使用^(Above)Process Monitor评估重启周期时间。现在，让我们了解一下 Userinit.exe的意义。

' Userinit.exe是在验证用户凭据时启动的进程，并启动导致用户的 shell 启动、桌面启动和重要标记“桌面准备使用”的后续事件链。'Userinit.exe' 进程应该比较接近但在'前面提到的进程'Logonui.exe 之下。注意启动“Userinit.exe”进程的时钟时间。“Userinit.exe”和“Procmon.exe”启动之间的时钟时间差大致是该特定用户的整体登录时间。

使用过程^(Process)监视器很容易测量各个时间。

Process Monitor仅使用 8KB 或 8192 字节来监控重启时间。此外，它^{( uses just 8KB or 8192 bytes to monitor the reboot time. Also, its)} 强大的过滤能力只需要收集“进程启动”事件。 ^{( powerful filtering capability requires just “”process start” events to be collected. )}因此，整体登录和重新启动跟踪统计数据不受跟踪捕获的影响。^{(overall logon and reboot trace statistics are not affected by the trace capture.)}

这是 Process Monitor 的特殊功能之一，使其在所有其他为相同目的而设计的工具中脱颖而出。^{(This is one of the special features of Process Monitor that makes it outstanding from all other tools designed for the same purpose.)}

 其他特性^{(Other features)}

• Process Monitor允许您根据参数捕获数据。此功能不适用于其他工具。
• 即使在新查询之后，以前收集的数据也会保留在您身边。
• 通过捕获和分析每个操作的线程堆栈，您可以检测到根本原因
• 进程详细信息包括图像路径、命令行、用户和会话 ID
• 列^(Columns)是可配置的——它们可以移动、隐藏或显示
• 适用于任何数据字段的广泛过滤器
• 进程^(Process)树显示跟踪中所有进程的关系。
• 可以取消搜索
• 所有操作的启动^(Boot)时间记录
• 高级^(Advanced)日志架构可扩展到数千万捕获的事件和千兆字节的日志数据
• 能够保存本机日志格式数据以在不同的Process Monitor实例中使用

单击工具^(Tools)从另一组有用的选项卡中进行选择，例如系统^(System)详细信息、进程活动摘要^{(Process Activity Summary)}、文件摘要^{(File Summary)}、注册表摘要^{(Registry Summary)}等。

请参阅屏幕截图以供参考。

您还可以查看流程^(Process)活动摘要。

Process Monitor的唯一缺点是新手用户使用起来有点复杂。大多数用户可能会发现使用该工具具有挑战性，并且可能需要花费时间来了解它的工作原理。

IT 专家、系统^(Systems)管理员或技术极客最适合使用Process Manager的功能。

要下载 Process Monitor，请访问docs.microsoft.com。有关详细信息，请访问TechNet。

Process Manager lets you measure computer reboot times and more

Aѕ а Windows user, аt some point in timе, you do feel concerned about the speed of your machine. Іt could be aboυt how quick does your system responds while logging in or how faѕt it runs to accomplish usual tasks. To find exactly what the programѕ running on your PC are doing you need to install a monitoring tool and this is where Sysinternals Process Monitor tool comes in use.

Use Process Monitor to measure reboot & logon times

Although there are several monitoring tools for Windows, Process Monitor offers advanced diagnostics and tackles various troubleshooting scenarios. It has been developed to monitor the system right from its starting phase and provides useful information such as:

• Time required by the system to display logon screen
• Time required by the user to enter the credentials
• Time required by the system to start the Explorer
• Time required by the system to set up the desktop in a ready state (Desktop is in a ready state indicates that Windows has started with the majority of its services and processes and the user can start interacting with various applications without waiting for a busy cursor sign)

The features of Process Monitor are as follows:

• Display as well as record real-time file system, Registry, and process/thread activity
• It can record booting time by running in real-time mode
• Using Process Monitor, you can filter, search and create reports about system and registry activities
• Troubleshooting tool for the System admins
• Malware hunting

How to start using Process Monitor

• Process Monitor does not require installation. You have to download a zip archive. Once you extract the files, you can run Procmon.exe to launch the application.
• When the tool is run for the first time, the user will be asked to accept the End User License Agreement (EULA). Once accepted it would never be displayed again for the same profile.
• Simply pin the tool to the taskbar with right click option. It would be easy to start the Process monitor with just one click.

Process Monitor User Interface

As soon as the UI window opens, the tool starts capturing information about Registry, Files and Process/Thread activity. The UI reminds you of a spreadsheet with a massive outlay of information. There are filters that users can apply to sort the collected data.

You will see the growing list of processes in the main window with information categorized under several useful headers.

How to record a Reboot Cycle trace with Process Monitor

Follow the below-mentioned steps to trace the reboot cycle of your system:

Locate the file named “ProcMon” from the unzipped folder and click.

Once you see the Process Monitor Filter’ interface click on the ‘Reset’ button to reset filters to default values, and then click the ‘OK’ button.

Now, click on the Capture button in the file menu to stop the current real-time trace as shown:

Note: It is advisable to filter some events from the trace that are not required in analyzing reboot and logon and reduce the trace to very small size. Mentioned below is the process to filter out the unwanted events.

On the ProcMon icon bar de-select the following categories of events:

1. Show Network Events
2. Show File System Activity
3. Show Registry Activity

   

Now close the Process monitor and restart the computer.

If you wish to save the disk space, then log on once your system initiates, Now, start the Process Monitor and stop it. Save the trace. This will ensure that an excessive amount of disk space is not consumed.

So, this was about how we can record the trace using Process Monitor. Now, let us see how to analyze this trace.

Read: Freeware to measure Boot or Startup Time in Windows.

How to analyze the reboot cycle trace with Process Monitor

• Once the system starts, logon and start the Sysinternals’ Process Monitor.
• Now reset the filter as mentioned above and click Ok.
• A dialog box will ask you to save the current trace. Save the trace in a folder.
• Now, this boot trace will be available and even displayed in Process Monitor.
• Next, click on “Tools” and then on “Process Tree”.
• Here, click on “Idle” the first item in the leftmost column and keep the note of the time on the clock.
• Again click on “Tools” and then on “Process Tree”. Look for the option “Logonui.exe” in the leftmost and click on it while noting the clock time as shown below.

  

The difference between both the noted time that is between Idle time and Logonui.exe time is the time gap between computer startup and logon credentials.  

Above was an explanation of how reboot cycle time is evaluated with Process Monitor. Now, let’s understand the significance of Userinit.exe.

‘Userinit.exe is the process that is launched if the user’s credentials are verified, and initiates the subsequent chain of events leading to the user’s shell starting, desktop starting, and the important marker “desktop ready to use”. The ‘Userinit.exe’ process should be relatively close but under’ the previously noted process ‘Logonui.exe. Note the clock time for starting of the ‘Userinit.exe’ process. The difference in clock time between starting of ‘Userinit.exe’ and ‘Procmon.exe’ is roughly that particular user’s overall logon time.

It is quite easy to measure respective times using Process monitor.

Process Monitor uses just 8KB or 8192 bytes to monitor the reboot time. Also, its powerful filtering capability requires just “”process start” events to be collected. Thus overall logon and reboot trace statistics are not affected by the trace capture.

This is one of the special features of Process Monitor that makes it outstanding from all other tools designed for the same purpose.

 Other features

• Process Monitor allows you to capture data according to your parameters. This feature is not available with other tools.
• Previously collected data remains with you even after new queries.
• By capturing and analyzing thread stacks for each operation, you can detect the root cause
• Process details include image path, command line, user and session ID
• Columns are configurable – They can be moved, hidden or shown
• Extensive filters for any data field
• Process tree shows the relationship of all processes in a trace.
• Possibility to cancel search
• Boot time logging for all operations
• Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
• Ability to save native log format data for use in different Process Monitor instances

Click on Tools to choose from the other set of useful tabs like System details, Process Activity Summary, File Summary, Registry Summary and more.

Refer the screenshots for reference.

You can also see the Process activity summary.

The only drawback of Process Monitor is that it is a bit complicated for the novice user to use. Most users may find it challenging to use the tool and may have to invest time in understanding how it works.

IT experts, Systems admins or technology geeks are best suited to utilize the features of Process Manager.

To download Process Monitor visit docs.microsoft.com. For more details visit TechNet.

Related posts

• RAMMap是来自Sysinternals的memory usage analysis utility

• 在Crash Dump文件Windows 10物理Memory Limits

• 如何使用Windows 10 SysInternals Process Explorer tool

• SYSINTERNALS Sysmon system监控Windows

• Backup，Restore，Move Steam游戏Steam Library Manager

• 如何打开Task Manager在Windows 10

• 使用HiBit Startup Manager管理Windows Startup项目

• 如何在Windows 10重置Task Manager至Default

• 如何检查一个过程是否在Windows 10中运行Administrator

• Best免费Clipboard Manager software用于Windows 10

• 如何使用WAU Manager管理或停止Windows 10 Update

• Tablacus Explorer：Tabbed File Manager带附加支持

• 免费Task Manager Windows 10替代软件

• Best Free Download Manager software用于Windows 10

• SafeInCloud Password Manager使用Cloud账户同步Database

• CPU usage打开Task Manager时CPU usage飙升至100％

• 如何停止在Task Manager中运行的多个Chrome流程

• LessPass是免费Password Generator and Manager

• 如何在Windows 10中禁用Startup程序

• Windows 10的Neat Download Manager将加快下载