Process Explorer
Process Explorer is a freeware task manager and system monitor for Microsoft Windows created by SysInternals, which has been acquired by Microsoft and re-branded as Windows Sysinternals. It provides the functionality of Windows Task Manager along with a rich set of features for collecting information about processes running on the user's system.[1] It can be used as the first step in debugging software or system problems.
Original author(s) | Winternals Software |
---|---|
Developer(s) | Microsoft |
Stable release | v17.05
/ July 26, 2023 |
Operating system | Windows 8.1 / Windows Server 2012 and later |
Type | Task manager and system monitor |
License | Freeware |
Website | learn |
Process Explorer can be used to track down problems. For example, it provides a means to list or search for named resources that are held by a process or all processes. This can be used to track down what is holding a file open and preventing its use by another program. As another example, it can show the command lines used to start a program, allowing otherwise identical processes to be distinguished. Like Task Manager, it can show a process that is maxing out the CPU, but unlike Task Manager it can show which thread (with the callstack) is using the CPU – information that is not even available under a debugger.[2]
History
Process Explorer began in the early Sysinternals days as two separate utilities, HandleEx and DLLView, which were merged in 2001.[3] Until 2008, Process Explorer worked on Windows 9x, Windows NT 4.0 and Windows 2000. Versions of Process Explorer up to 12.04 work on Windows 2000; versions 14.0 and higher do not require credui.dll (which is only available since Windows XP/2003). Windows XP is supported up to version 16.05.[4] The current version runs on Windows Vista and upwards. The open source software "Process Hacker" has been developed with the aim to replicate its functionality.[5]
Features
- Hierarchical view of processes
- Ability to display an icon and company name next to each process
- Live CPU activity graph in the task bar
- Ability to suspend selected process
- Ability to raise the window attached to a process, thus "unhiding" it
- Complete process tree can be killed
- Interactively alter a service process's access security
- Interactively set the priority of a process
- Disambiguates service executables which perform multiple service functions. For example, when the pointer is placed over a svchost.exe, it will tell if it is the one performing automatic updates/secondary logon/etc., or the one providing RPC, or the one performing terminal services, and so on
- There is an option (in a process's context menu) to verify a process in VirusTotal
- There is an option to display DLLs loaded by process (View => Lower Pane View => DLLs); an option Show Lower Pane has to be switched on
- There is an option to display processes' handles which includes named mutants, events, sockets, files, registry keys etc. (View => Lower Pane View => Handles); an option Show Lower Pane has to be switched on
- In properties of a process a user can view the process's threads and threads' stack traces
- There is a command to create a process dump (mini or full) (Process => Create Dump)
- There is a Find command which allows for searching a handle or DLL which can be used to identify the process(es) holding a file lock
- There is an option (in handle context menu) to close a selected handle
- Version 15 added GPU monitoring
See also
- Activity Monitor
- Ksysguard
- Process Lasso
- Resource Monitor
- Taskkill
- Tasklist
- Process Monitor – capturing file system and Registry activity.
- ProcDump
References
- How to use Process Explorer, Microsoft's free, supercharged Task Manager alternative
- Process Explorer, Part 2
- RTM’d today: Windows Sysinternals Administrator's Reference
- "Process Explorer - Windows Sysinternals". Archived from the original on 11 December 2015. Retrieved 26 January 2021.
{{cite web}}
: CS1 maint: bot: original URL status unknown (link) - Arntz, Pieter (9 November 2018). "Advanced tools: Process Hacker". Malwarebytes Labs. Retrieved 22 January 2022.
External links
- Process Explorer Official Webpage Microsoft Retrieved on December 29, 2008
- Using Process Explorer to tame svchost.exe - Advanced topics February 9, 2008
- Process Explorer Part 2 February 10, 2008
- Process Explorer Guide for Newbies Archived 2010-03-18 at the Wayback Machine February 27, 2009
- Sysinternals Suite at Microsoft Technet Updated continuously as of August 2009