Recently I stumbled upon an error: In Windows 10 I wasn’t able to use Sysinternals Process Monitor for boot logging. The feature just dropped an error message. Here are the details and how to cure this issue and enable boot logging.
What are we talking about?
Currently I’m writing a book about Windows 10 insides – and within a chapter I intended to introduce boot logging with Sysinternals Process Monitor. In previous Windows versions it was possible to launch Process Monitor, open the Options menu and select Enable Boot Logging (see screenshot below).
But in Windows 10 I was greeted with the following error dialog box. I’ve tested Windows 10 Version 1607, but it seems that all Windows 10 versions are causing this error.
The dialog box reported that Process Monitor was not able to write to a file ProcMon23.sys. I checked Windows 7, but this file wasn’t available. Then I checked Windows 10 and I found such a file.
How to solve this issue
Searching the web, I came across this MSDN article (link broken), where deleting this file in Windows PE was suggested. I tried a different approach (never believe what Microsoft writes): I fired up Windows Explorer and navigated to
and found a file PROCMON23.sys. Then I tried to rename this file to _PROCMON23.sys. It required administrator privileges, but I was able to perform this renaming operation successfully. Microsoft’s MSDN article also requires launching Process Monitor using a command:
C:\procmon\Procmon /BackingFile C:\procmon\log.pml /AcceptEula /Quiet /noconnect
I also ignored this advice and launched Process Explorer via a double click. And voilà, it came up with the window shown above – and I was able to enable the boot logging option. Inspecting the folder %SystemRoot%\System32\Drivers\ showed me that a new file PROCMON23.sys was created – beside the old file _PROCMON23.sys.
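The rename step described above, as a scripted PowerShell sketch. This is an added example, not part of the original post or of Sysinternals; the function name, its parameters and the numbered fallback for an existing backup name are assumptions, while the driver name, the folder and the underscore prefix come from the post.

```powershell
# Added example: set aside the existing Process Monitor driver so that
# Process Monitor can write a fresh one when boot logging is enabled.
# Move-StaleProcmonDriver and its parameters are hypothetical names.
function Move-StaleProcmonDriver {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$DriverName = 'PROCMON23.sys',
        [string]$DriverDir  = (Join-Path $env:SystemRoot 'System32\Drivers')
    )

    # Renaming inside the Drivers folder needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $current = Join-Path $DriverDir $DriverName
    if (-not (Test-Path -LiteralPath $current -PathType Leaf)) {
        Write-Verbose "$current not found; nothing to set aside."
        return
    }

    # Record what is being set aside before touching it.
    $file = Get-Item -LiteralPath $current
    $sig  = Get-AuthenticodeSignature -FilePath $current

    # Never overwrite an earlier backup: fall back to _1_, _2_, ... prefixes.
    $backup = "_$DriverName"
    $n = 1
    while (Test-Path -LiteralPath (Join-Path $DriverDir $backup)) {
        $backup = '_{0}_{1}' -f $n, $DriverName
        $n++
    }

    if ($PSCmdlet.ShouldProcess($current, "Rename to $backup")) {
        Rename-Item -LiteralPath $current -NewName $backup
    }

    [pscustomobject]@{
        Original        = $current
        RenamedTo       = $backup
        LastWriteTime   = $file.LastWriteTime
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
}

# Preview without changing anything: Move-StaleProcmonDriver -WhatIf
```

The returned object keeps the old driver's timestamp and signature status, which is useful to note before Process Monitor writes its replacement.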