Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. The utility was created by combining two older utilities, Filemon and Regmon, which, as their names imply, were used to monitor file and registry activity. It combines the features of these two legacy Sysinternals utilities and adds an extensive list of enhancements, including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

In this chapter from Windows Internals, 5th Edition, learn the data structures and algorithms that deal with processes, threads, and jobs in the Windows operating system. The first section focuses on the internal structures that make up a process. The second section outlines the steps involved in creating a process (and its initial thread).

Windows 8.1, Windows 10, Windows 11, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022