Process Monitor fails to start on a 64-bit computer

When I try to start Process Monitor from Sysinternals on some 64-bit Windows 7 machines, the process fails to start. There is no error message. I double-click and nothing happens. Other 64-bit Windows 7 computers work fine. Any ideas?


Solution 1:

Here is what I found. The 32-bit Procmon.exe contains the 64-bit exe inside it as a binary resource. When the 32-bit exe starts, it extracts the 64-bit version out to a hidden file called Procmon64.exe and then executes that. For some reason this process fails on some Windows 7 installs.

I managed to extract the 64-bit exe using Visual Studio 2010.

  1. Open Visual Studio and open the Procmon.exe file using the File->Open->File... menu
  2. In the resource tree, expand the "BINRES" node
  3. Right-click on the 1308 node and select Export...
  4. Name the exported resource Procmon-64.exe and save
  5. Run the extracted exe

Don't name the extracted exe Procmon64.exe (no hyphen) because the 32-bit Procmon will try to delete it if it gets the chance.

If you don't have Visual Studio, use a Windows executable resource extractor like ResourcesExtract - http://www.nirsoft.net/utils/resources_extract.html
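
The export steps in Solution 1 can also be scripted. This added example (not part of the original answer and not Sysinternals code) walks the PE resource directory and returns one resource by type name and ID. `BINRES` and `1308` are the values the answer reports; the function names and the assumption that the resource data lies inside the `.rsrc` section are this example's own.

```python
import struct
import sys

def _entries(rsrc, dir_off):
    """Yield (key, offset, is_subdir) for one IMAGE_RESOURCE_DIRECTORY."""
    named, ids = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(named + ids):
        name, target = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        if name & 0x80000000:  # named entry: u16 length, then UTF-16LE chars
            s_off = name & 0x7FFFFFFF
            (n,) = struct.unpack_from("<H", rsrc, s_off)
            key = rsrc[s_off + 2:s_off + 2 + 2 * n].decode("utf-16-le")
        else:                  # numeric ID entry
            key = name
        yield key, target & 0x7FFFFFFF, bool(target & 0x80000000)

def _child(rsrc, dir_off, want):
    """Find the entry whose key equals want (None = take the first entry)."""
    for key, off, is_dir in _entries(rsrc, dir_off):
        if want is None or key == want:
            return off, is_dir
    raise KeyError(want)

def extract_resource(pe, res_type, res_id):
    """Return the bytes of resource res_type/res_id (first language found)."""
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)  # e_lfanew in the DOS header
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    n_sections, opt_size = struct.unpack_from("<H12xH", pe, pe_off + 6)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    for i in range(n_sections):
        name, _, va, raw_size, raw_ptr = struct.unpack_from("<8s4I", pe, table + 40 * i)
        if name.rstrip(b"\0") == b".rsrc":
            break
    else:
        raise ValueError("no .rsrc section")
    rsrc = pe[raw_ptr:raw_ptr + raw_size]
    off = 0
    for level, want in enumerate((res_type, res_id, None)):  # type, ID, language
        off, is_dir = _child(rsrc, off, want)
        if is_dir != (level < 2):
            raise ValueError("unexpected resource tree shape")
    data_rva, size = struct.unpack_from("<II", rsrc, off)  # IMAGE_RESOURCE_DATA_ENTRY
    start = data_rva - va  # assumption: the data lies inside .rsrc
    return rsrc[start:start + size]

if __name__ == "__main__" and len(sys.argv) == 3:  # args: Procmon.exe Procmon-64.exe
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        dst.write(extract_resource(src.read(), "BINRES", 1308))
```

Run it with the input and output paths as arguments, and keep the hyphenated output name the answer recommends.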

Solution 2:

Let me blow your mind. procmon.exe REQUIRES the Workstation service to be running in order to start. It uses it to enumerate something and will silently die without it.

This is not documented anywhere and pretty bogus.

Solution 3:

I know this thread has been around a while, but I just saw this problem lately and I noticed another factor that might be helpful: administrator rights. If I log in as an admin and run it, it works fine. If I log in as a non-admin and run it, the problem happens, and the extracted procmon-64 shows the same problem.