![](\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/win102.jpg\")
Recently I stumbled upon an error: In Windows 10 I wasn't able to use Sysinternals Process Monitor for boot logging. The feature just dropped an error message. Here are the details and a how to cure this issue and enable boot logging.<\/p>\nRecently I stumbled upon an error: In Windows 10 I wasn't able to use Sysinternals Process Monitor for boot logging. The feature just dropped an error message. Here are the details and a how to cure this issue and enable boot logging.<\/p>\n
<\/p>\n
Currently I'm writing a book about Windows 10 insides \u2013 and within a chapter I intended to introduce boot logging with Sysinternals Process Monitor<\/a>. In previous Windows version it was possible, to launch Process Monitor, open Options<\/em> menu and select Enable Boot Logging <\/em>(see screenshot below).<\/p>\n But in Windows 10 I was greeted with the following error dialog box. I've tested Windows 10 Version 1607, but it seems that all Windows 10 versions are causing this error.<\/p>\n The dialog box reporting, that Process Monitor was not able to write to a file ProcMon23.sys<\/em>. I checked Windows 7, but this file wasn't available. Then I checked Windows 10 and I found such a file. <\/p>\n Searching the web, I came across this MSDN article (link broken), where deleting this file in Windows PE was suggested. I tried a different approach (never believe, what Microsoft writes): I fired up Windows explorer and navigated to <\/p>\n %SystemRoot%\\System32\\Drivers\\<\/em><\/p>\n and found a file PROCMON23.sys<\/em>. Then I tried to rename this file to _PROCMON23.sys<\/em>. It required administrator privileges, but I was able to process this renaming operation successfully. Microsoft's MSDN article also requires to launch Process Monitor using a command:<\/p>\n C:\\procmon\\Procmon \/BackingFile C:\\procmon\\log.pml \/AcceptEula \/Quiet \/noconnect<\/em><\/p>\n I also ignored this advice and launched Process Explorer via a double click. And voil\u00e1, it came up with the window shown above \u2013 and I was able to enable the boot logging option. Inspecting the folder %SystemRoot%\\System32\\Drivers\\ <\/em>showed me, that a new file PROCMON23.sys <\/em>was created \u2013 beside the old file _PROCMON23.sys<\/em>. <\/p>\n Similar articles: Recently I stumbled upon an error: In Windows 10 I wasn't able to use Sysinternals Process Monitor for boot logging. The feature just dropped an error message. Here are the details and a how to cure this issue and enable … Continue reading ![\"Boot](\"https:\/\/web.archive.org\/web\/20170905090358\/http:\/\/v40.imgup.net\/ProcessMone46e.jpg\" "\\"Boot")
<\/p>\n![\"Error](\"https:\/\/web.archive.org\/web\/20170905085927\/http:\/\/l65.imgup.net\/ProcessMonb599.jpg\" "\\"Error")
<\/p>\nHow to solve this issue<\/h3>\n
<\/strong>Windows 10 Wiki<\/a>
Windows 10: Open command prompt window as administrator<\/a>
Check and repair Windows system files and component store<\/a>
Windows 10: How to fix update error 0x80080008<\/a>
How to block Windows 10 updates<\/a>
Windows 10: Hibernation causes error 0xC0000411<\/a>
Windows 7\/8.1: Optional INTEL System driver updates<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"