Process Explorer 11.21 – update 3

With this post we will conclude the general part of ProceXP 11.21. The final part will be related to various possible ways to use it in order to fix complicated issues (mostly virus/trojan related).

Process

When you have a process selected the items in the Process menu become active. You can access the same menu items by right-clicking on a process. The items enable you to do the following:

Bring to Front – select this option to bring any windows owned by the selected process to the foreground.

Set Priority – you can change the base priority of a process with this submenu. When you change the base priority of a process the system adjusts the priorities of threads within the process so that they remain at the same relative priority with respect to the new base priority.

Set Affinity – on systems with multiple CPUs this menu item lets you bind the threads of a process to particular CPUs.

Debug – choosing this menu item launches the debugger registered in HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionAeDebug with the selected process as the command-line argument.

Kill – this item terminates a process with the Terminate Process API. Note that a process terminated in this way is not warned of its termination and therefore does not write unsaved data it may have.

Kill Process Tree – if the process pane is in the process tree sorting mode this menu item is available and allows you to kill a process and all of its descendants.

Suspend – if you want a process to become temporarily inactive, so that a system resource such as network, CPU or disk, becomes available for other processes, you can suspend the process. Suspended processes show in a dark grey color. To resume a suspended process chose the Resume item from the process context menu.

Restart – when you select this item Process Explorer terminates the highlighted process and starts the same image using the same command-line arguments. Note that the new instance may fail to run or behave differently if the original process ran in a different user account or had a different environment.

Properties – this selection opens a property dialog that shows you more information about a process.

Search Online – selecting this entry will result in Process Explorer launching the system’s configured Internet browser and initiating an Internet search for the selected process’ name.

Find

One of the common problems Process Explorer solves with ease is the question: what process has this file or directory open, or which processes have a particular DLL loaded?

You can perform a handle and DLL search by selecting Find|Find Handle or DLL or by typing Ctrl+F. Searches are case insensitive substring searches of all of the handles opened and DLLs loaded on the system with the text you enter. Thus, to search for the process or processes that have c:directorysomefile.txt open enter enough text to make the search find only the results you are interested in e.g. “somefile”.

The search dialog populates with the list of results indexed by process. Select a line in the results to have Process Explorer select the reported process and DLL or handle, and double-click on a line to have it do the same and dismiss the Search dialog.

UserOn systems that include Terminal Services Process Explorer displays a Users menu that lists the currently connected sessions. Process Explorer creates a menu entry for each session that’s name includes the session’s session ID and the user logged into the session. Each entry opens a sub menu that has options for disconnecting, logging off, and sending a message to the session’s user. In addition, a Properties menu for each session entry opens a dialog box that lists detailed information about the session, including the IP address and name of the client connected to the session.

The content of the Users menu is updated each time you open the menu to reflect current session information.

It’s done for now. Now let me a few days to complete the “usage guide”…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.