-
Notifications
You must be signed in to change notification settings - Fork 0
File Reference
The main script. Runs as a background PowerShell process.
- Registers a WMI event watcher for
Win32_ProcessStopTrace - Logs every process exit to the daily log files
- Draws a 16x16 tray icon at runtime using GDI+ (no external
.iconeeded) - Pumps the Windows message loop each iteration so the tray stays responsive
- Writes a
.monitor.pidfile on start; deletes it on clean shutdown - Skips PIDs
0and4and the names in$SkipNamesto reduce noise
Config variables at the top of the file:
| Variable | Default | Description |
|---|---|---|
$LogDir |
%USERPROFILE%\ProcessMonitorLogs |
Where logs are written |
$SkipPIDs |
0, 4 |
Process IDs to always ignore |
$SkipNames |
System, Idle, etc. | Process names to always ignore |
Silent launcher. Uses WScript.Shell.Run with windowStyle = 0 so no console window appears. Use this for startup shortcuts.
Interactive launcher. Checks whether the monitor is already running before starting. Prints the PID on success.
Stops the monitor by finding any powershell.exe whose command line contains ProcessMonitor.ps1 and calling Stop-Process -Force. Also cleans up the PID file.
Opens the log folder in Explorer and opens today's process_ and errors_ log files in Notepad.
Unblocks ProcessMonitor.ps1 then runs it in a visible PowerShell window. Use when the monitor won't start and you need to see errors.
Runs ProcessMonitor.ps1 in a visible console without unblocking. Use to see raw PowerShell errors when the script is already unblocked.
Written to %USERPROFILE%\ProcessMonitorLogs\:
| File | Contents |
|---|---|
process_YYYY-MM-DD.log |
All process exits for that day |
errors_YYYY-MM-DD.log |
Non-zero exit codes only |
.monitor.pid |
PID of the running monitor (deleted on stop) |