Anyone seen code to read process monitor PML files?

Question

0.00/5 (No votes)

See more:

I have two PML files. One from a system that 'works' and one from a system that does not. I want to compare the two PML files and find the 'differences', which could indicate why the system that is broken, is broken. There are hundreds of 'false negatives' in the PML files when it comes to analyzing ActiveX loading - so many registry entries which are checked, don't exist' and that is not a problem. I want to try to programmatically process the PML file for the 'real' differences which matter.

What I have tried:

I have searched the Internet using similar keywords "Process Monitor files" "PML Files" - no hits.
I have opened the file and confirmed it is NOT text of any kind.

Thanks Rick. I don't know how I had overlooked that the PML could be exported to XML or CSV. I can process one of those file formats and then build tables for the elements of interest.

Posted 4-May-21 12:49pm

Blake Miller

Updated 5-May-21 4:57am

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Rick York · Accepted Answer · 2021-05-04T13:53:00

Solution 1

Have you had a look at these ?
procmon-parser · PyPI[^]
GitHub - asquigglytwist/SeeBee: A PML Analyzer.[^]

This might be helpful also : The Ultimate Guide to Procmon[^]

Posted 4-May-21 13:53pm

Rick York

Comments

Rick York 5-May-21 12:53pm

I will add, keyword selection for search engines is a really important thing to learn. You have to keep refining the terms until you see results of interest. I think I used, "PML file read code" or something like that to get those.