Boot Logging


Process Monitor can log activity from a point very early in the boot process, during the initialization of boot-start device drivers. To configure Process Monitor to log the next boot, select Enable Boot Logging from the Options menu. Process Monitor's driver will log activity at the next boot into a file in the %Windir% directory and will continue logging through shutdown or until you run Process Monitor again. Thus, if you don't run Process Monitor during a boot session, you will capture a trace of the entire boot-to-shutdown cycle.

On Windows Vista and higher, Process Monitor supports thread profiling capture in boot logging. When you enable boot logging on supported operating systems, Process Monitor will present a dialog that asks whether boot logging should include thread profiling, and if so, the rate of the profiling. Note that thread profiling will significantly grow the size of a boot log.

When you run Process Monitor, it checks whether a previous boot log has been generated and, if so, asks where you want to place the processed boot log output file. Process Monitor displays the trace after it has finished translating it. To see activity from the System process, which is the only process early in a boot, select Enable Advanced Output from the Options menu.

If you configure boot logging and the system crashes early in the boot, you can deactivate boot logging by choosing the Last Known Good option from the Windows boot menu (which you access by pressing F8 during the boot).

Note: network events, which are based on ETW (Event Tracing for Windows), are not available in boot logs.