How to see GUI functions with Procmon?

0

Possible Duplicate:
how to distinguish between user and malware by GUI system calls

I want to track GUI applications in Windows, for example whether IE made a change in the registry with a GUI or without a GUI (like a trojan), or like IE embedded. I use Sysinternals Procmon. Any thoughts?

Thanks very much!

pruton

Posted 2012-04-22T08:21:40.577

Reputation: 1

Question was closed 2012-04-23T13:42:21.223

Procmon interfaces at the kernel level, I believe: registry, filesystem, process. GUI is not kernel level. Can you give an example of what you're trying to monitor? – ckhan – 2012-04-22T09:09:14.620

I want to know when an application without a GUI changes the start page, or IE changes the homepage and it's not that I pressed Internet Options. I know I can JavaScript, but when a hidden process is doing some changes, I want to know if it's a legit process or it is a trojan that changes registry values without a GUI. – pruton – 2012-04-22T13:48:59.933

Then it's registry functions, not GUI functions, that you want to track... you said that yourself. – user1686 – 2012-04-22T14:46:18.317

OK, I will try to explain in a better way. I want to know whether an application with a GUI made the change of something, or the same application without a GUI. For example, I can run CMD.EXE without a GUI and commit the same changes as with a GUI, so I want to distinguish between them. Or when IE is open and I have run Procmon without any filters, when I hover with the mouse on buttons and menus I see mouse hovering and reactions, but nothing in Procmon, so how do I know what is GUI? I want to know whether a trojan makes changes in registry/files/anything or a legit application with a GUI. – pruton – 2012-04-23T07:19:34.620

No answers