Hi All,
today I’ll start a review of all the softwares I’ve mentioned some days ago, and I think that the “Process Explorer” is a very good start.
Process Explorer has been created by Mark Russinovich, and is the best replacement for the original Microsoft Windows’ Task Manager.
I’ve used process explorer for various years, and it helped me a lot to troubleshoot and solve a large number of issues.
In this image we can see Process Explorer’s appearance:
On the top part we have the standard Menu bar and Toolbar. The main window lists the processes running on the machine and the last window shows (depending on how you configure it) the DLLs or the Handles associated to the process we highlight.
Now, let’s analyse the Menu Bar; we can see 8 menu items: File, Options, View, Process, Find, Handle, Users and Help. In this post I’ll explain the first two menus: File and Options, just to avoid to make it too long:
File –
Run: this will allow you to start an executable by writing its name in the proper field or by browsing your drives and double click on it.
Runas: this will allow you to start an executable like the option “Run“, but before the program starts, you’ll be prompted for alternate credentials.
Save: using this option will save the full content of both process window and the DLLs/Handles windows in TXT format.
Save as: same as the previous option, but with the option to change the TXT filename.
Shutdown: this will give you the opportunity to Logoff, Shutdown, Stand by, Lock or Restart your machine.
Exit: use it to close the program.
Options –
Always on top: put Process Explorer’s window on top of all the others.
Replace Task Manager: replace the original Task Manager with the Process Explorer. Please note that the change can be reverted by choosing this option again.
Hide when minimized: enabling this option will make the process explorer’s window disappear from the traybar when minimized (please note that the cpu usage monitor in the systray will remain – if enabled – and from there you’ll be able to restore it).
Allow only one instance: allow or not to have more than one Process Explorer opened.
Confirm Kill: ask confirmation when you try to kill a process.
CPU History in Tray Icon: swap the CPU history icon in the systray with the CPU Realtime usage icon.
I/O History Tray Icon: enable/disable the I/O history icon in the systray.
Verify Image Signatures: enable/disable will check or not if a specific process has a trusted signature (signed by a trusted root certificate authority).
Configure symbols: this is to specify the path of the file dbghelp.dll. This is part of the Debugging tools for Windows, used by Process Explorer to identify the thread’s start addresses when you see the “threads” tab in the process’s properties.
Configure Highlighting: specify colors for every different type of process.
Difference Highlight Duration: this will change the amount of seconds (default 1) that new processes are shown in Green (started) or Red (killed/closed).
Font: This is to change the default font used by Process Explorer.
In the next post I’ll discuss the other options and in the last one I’ll give some tips and explanations on how to use it to solve specific issues.
Have a good weekend!
Leave a Reply