Start ProcMon During Boot on Machine You Can’t Logon

Sometimes you might want to run some tracing tools like ProcMon, xperf, wpr, netsh trace, etc on a machine that logon is not completing properly.

Often you might be able to use PowerShell remoting, WMI, or psexec to get these tools launched remotely.

But for scenarios where this doesn’t work I’ve created a simple Windows service that can be applied to an offline system via Windows PE

Once the machine boots it will start tracing for specified number of seconds until it automatically stops the trace.

You can then boot back into Windows PE to grab the traces.

View the readme.txt for instructions on usage.

The binaries and Visual Studio 2015 C# project is available for download here:

https://1drv.ms/u/s!AiFhB4fT6aiTgdoPPYYD7Ru8s-3KJw

About chentiangemalc

specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.
This entry was posted in Debugging, ProcMon, Windows Performance Recorder, Windows Performance Toolkit and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s