Process Explorer

Process Explorer is a freeware task manager and system monitor for Microsoft Windows created by SysInternals, which has been acquired by Microsoft and re-branded as Windows Sysinternals. It provides the functionality of Windows Task Manager along with a rich set of features for collecting information about processes running on the user's system.[1] It can be used as the first step in debugging software or system problems.

Process Explorer
Original author(s)Winternals Software
Developer(s)Microsoft
Stable release
v17.05 / July 26, 2023 (2023-07-26)
Operating systemWindows 8.1 / Windows Server 2012 and later
TypeTask manager and system monitor
LicenseFreeware
Websitelearn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Process Explorer can be used to track down problems. For example, it provides a means to list or search for named resources that are held by a process or all processes. This can be used to track down what is holding a file open and preventing its use by another program. As another example, it can show the command lines used to start a program, allowing otherwise identical processes to be distinguished. Like Task Manager, it can show a process that is maxing out the CPU, but unlike Task Manager it can show which thread (with the callstack) is using the CPU – information that is not even available under a debugger.[2]

History

Process Explorer began in the early Sysinternals days as two separate utilities, HandleEx and DLLView, which were merged in 2001.[3] Until 2008, Process Explorer worked on Windows 9x, Windows NT 4.0 and Windows 2000. Versions of Process Explorer up to 12.04 work on Windows 2000; versions 14.0 and higher do not require credui.dll (which is only available since Windows XP/2003). Windows XP is supported up to version 16.05.[4] The current version runs on Windows Vista and upwards. The open source software "Process Hacker" has been developed with the aim to replicate its functionality.[5]

Features

  • Hierarchical view of processes
  • Ability to display an icon and company name next to each process
  • Live CPU activity graph in the task bar
  • Ability to suspend selected process
  • Ability to raise the window attached to a process, thus "unhiding" it
  • Complete process tree can be killed
  • Interactively alter a service process's access security
  • Interactively set the priority of a process
  • Disambiguates service executables which perform multiple service functions. For example, when the pointer is placed over a svchost.exe, it will tell if it is the one performing automatic updates/secondary logon/etc., or the one providing RPC, or the one performing terminal services, and so on
  • There is an option (in a process's context menu) to verify a process in VirusTotal
  • There is an option to display DLLs loaded by process (View => Lower Pane View => DLLs); an option Show Lower Pane has to be switched on
  • There is an option to display processes' handles which includes named mutants, events, sockets, files, registry keys etc. (View => Lower Pane View => Handles); an option Show Lower Pane has to be switched on
  • In properties of a process a user can view the process's threads and threads' stack traces
  • There is a command to create a process dump (mini or full) (Process => Create Dump)
  • There is a Find command which allows for searching a handle or DLL which can be used to identify the process(es) holding a file lock
  • There is an option (in handle context menu) to close a selected handle
  • Version 15 added GPU monitoring

See also

References

  1. How to use Process Explorer, Microsoft's free, supercharged Task Manager alternative
  2. Process Explorer, Part 2
  3. RTM’d today: Windows Sysinternals Administrator's Reference
  4. "Process Explorer - Windows Sysinternals". Archived from the original on 11 December 2015. Retrieved 26 January 2021.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  5. Arntz, Pieter (9 November 2018). "Advanced tools: Process Hacker". Malwarebytes Labs. Retrieved 22 January 2022.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.