Process Explorer is a freeware task monitor and system manager for Microsoft Windows. It was created by SysInternals. Microsoft acquired it and rebranded it as Windows Sysinternals. It includes all the functionality of Windows Task Manager and a rich set of features to collect information about the processes running on the user’s system. It is useful for diagnosing software and system problems.

Process Explorer is a tool that can be used for finding problems. It can be used to search or list named resources held by any process, or all processes. This is useful for finding out what files are open and stopping other programs from using them. It can also show the command lines used for starting a program. This allows processes that are identical to be distinguished. It can show the CPU usage of a process, similar to Task Manager. However, unlike Task Manager, it can also show the thread that uses the CPU (using the call stack), information that is not available under a debugger.

The features

  • Process hierarchy
  • Ability to place an icon and the company name beside each step.
  • The taskbar displays a live graph of CPU activity.
  • You can suspend a process.
  • Ability to raise the window that is attached to a process and “unhide” it.
  • A complete process tree can also be cut down.
  • Interactively modify a service process’s access protection
  • Set the priority of a project interactively
  • Service executables that perform multiple functions are disambiguated. If the pointer is, for example
  • It will detect if it performs automatic updates/secondary login/etc. if placed over a file called svchost.exe
  • One providing RPC or one performing terminal services.
  • You can verify a process in VirusTotal by selecting the context menu of a particular process
  • You can display DLLs that have been loaded by process (View=> Lower Pane View=> DLLs); you also have the option to Show Lower
  • The pane must be switched on
  • You can choose to display the processes handles, which include named mutants and sockets as well as files, registry, and files.
  • keys etc. (View => Lower PaneView => Handles); the option Show Lower Pane must be turned on
  • A user can view thread stack traces and the thread stack traces by going to the properties of a particular process
  • You can create a process dump (minimum or full) by using the command Process => Create Dump
  • The Find command allows you to search for a handle or DLL that can be used in identifying the process.
  • (es) Holding a File Lock
  • You can close a handle by selecting the option in the handle context menu

Categorized in:

SecurityTech

Tagged in:

,