none
Unable to extract 64-bit image

    Question

  • This is a very odd one. It all works on other machines I log into where I work but the current laptop I'm on I can't get Process Monitor to work. Just keep getting the error

    Unable to extract 64-bit image. Run Process Monitor from a writeable directory.

    I'm local admin on the machine, I've got full control of the %tmp% directory where procexp64.exe is unpacked to but still get the message. I have read elsewhere that some have said if there is a policy in place to disallow apps from running from the Temp directory you'll get this. But, and I'm aware I should know this, but which policy would this be so I can see if I've got it? Would be odd because it was working recently, I have permissions to use it and only just started to get the error. Also works fine on other machines I log into.

    On the same note, is it possible to watch what Process Monitor is doing with Process Monitor? I've got the procexp64.exe from another PC and now run it from the desktop. Was going to use it to monitor what is going on when attempting to run the none working Process Monitor.
    Thursday, October 27, 2016 6:15 AM

All replies

  • FIXED IT.

    I remembered the other day I'd installed Python and was putting in the "PATH" location so I could run it from a CMD. It hadn't gone in. I wasn't paying attention to where I'd put the c:\python27 (needed that version for a reason).

    Turns out I'd put it in the TEMP variable that tells it where my TEMP directory is. So it said

    %USERPROFILE%\AppData\Local\Temp;C:\Python27

    Which then causes the issue above.

    Still would be interested in if it's possible to use Process Monitor running off the desktop to monitor attempting to run another copy off it on the same PC where it refuses to run (if that makes sense)

    EDIT-

    This post and Mike Crawford's comment indirectly helped


    The solution I found for the same problem was:
     
    1) Click on Start, Run, and enter CMD to open a DOS command window.
     
    2) Type "SET" and hit enter to display your TEMP directory variable
        It will be something like:
              TEMP=C:\Users\YOUR_USERNAME\AppData\Local\Temp
     
    3) Then look in that directory for a file it's created but can't run called PROCEXP64.EXE
     
    4) Copy it to just about anywhere else on your PC and try running it.
     
    The odds are that your system administrator has a group policy restricting the permissions in your Temp directory.  Placing the file in an unrestricted location works better than trying to change the permissions for the Temp directory, since if they are being set by a group policy at boot up they'll just keep changing back.

    I ran SET in CMD and saw my error :)
    Thursday, October 27, 2016 6:28 AM

  • Still would be interested in if it's possible to use Process Monitor running off the desktop to monitor attempting to run another copy off it on the same PC where it refuses to run (if that makes sense)




    I believe that only a single instance of process monitor can be running to capture a trace.

    However, you can use multiple instances of process monitor to open saved trace files.
    Friday, October 28, 2016 6:41 AM
  • I had this problem because the TEMP folder was on another volume and it was "dirty".

    After running CHKDSK on the volume it returned to normal operation.

    Friday, February 1, 2019 11:25 AM