Process Monitör tarzı Log kaydı yapabileceğim bir yazılım var mıdır ? Process monitör' ü çalıştıramadım Windows 2008 R2 de Unable to load driver hatası veriyor ve çalışmıyor.
iyi çalışmalar
Çözüm burada
Attempts to run the 64 bit version of procmon to observe a process’ activity results in the following error: Unable to load Process Monitor Device Driver. This has been mentioned in posts going back to 2008. There are several solutions noted as the root cause, not of which worked for me including:
- The Workstation service needs to be running (it is)
- Extract the 64 bit binary from the procmon.exe into it’s own binary procmon-64 (didn’t work)
- When on a 64 bit system, Procmon extracts a 64bit binary in the %TEMP% folder as Procmon64.exe and runs that. That part seems to be working.
- Login as Administrator and try it (didn’t work)
I checked Event Viewer->Security and saw that there was an Audit Error:
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error
Filename: \Device\HarddiskVolume2\Windows\System32/drivers/PROCMON23.SYS
So, PROCMON32.SYS was not being installed. After a lot of searching, I found this blog post that describes the actual root cause and how to resolve it. It involves Microsoft update KB3033929 which added support for SHA-2 certificate signing (in preparation of the likely SHA-1 vulnerabilities).
If the system gets regular updates, this update would already by applied. The system I’m using is not connected to the internet and cannot access a WSUS server so updates are not applied on a regular basis. This explains why procmon works on a similarly configugured system that coincidently had been updated recently.
After manually downloading and applying this update the process monitor was able to install the driver and run.
Danışman - ITSTACK Bilgi Sistemleri
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.