Website Design Chester by the Informatics Centre

Process Explorer for Everyday Use

Process Explorer (see TechNet) is a Task Manager alternative made by Sysinternals (acquired by Microsoft). Part of the Sysinternals software suite, Process Explorer goes above and beyond Task Manager to give the user much more control of their computer for proactive management. It is a portable exe used by millions of users and is a must-have for sysadmins and malware analysts, as well as for everyday users. Task Manager is a good program nowadays (it was rather lacking in XP), but it still seems behind Process Explorer in terms of features, and we have to wait for a new Service Pack or Operating System to get a new version of it. Process Explorer has been dubbed the "super task manager" since its creation and the name still holds true today.

Note: In Task Manager, Resource Monitor (found under Performance Tab > Resource Monitor) provides much more functionality similar to Process Explorer, although it is not technically part of Task Manager (it is perfmon.exe). While very handy, Process Explorer does all of this and more, while remaining an all-in-one solution.

Below is a short list of the really handy features I use almost every day.

Tree view of process creation

Wondering what process created your process? If I start notepad from a cmd prompt I can see this using Process Explorer's default tree view.
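To show what that tree view is built from, here is an added example (not part of the original post or of Process Explorer) that rebuilds the parent/child tree from Win32_Process data, including the check Process Explorer makes for a parent PID that was reused after the real parent exited. It assumes a Windows host where the CIM cmdlets are available; the function name Get-ProcessTree and the cmd.exe filter are my own choices.

```powershell
function Get-ProcessTree {
    param(
        # Optional: only print subtrees rooted at processes with this name, e.g. 'cmd.exe'
        [string]$RootName
    )

    # Snapshot every process with its parent PID and creation time
    $procs = Get-CimInstance -ClassName Win32_Process |
        Select-Object ProcessId, ParentProcessId, Name, CreationDate

    # Index by PID and group children by parent PID
    $byPid = @{}; $children = @{}
    foreach ($p in $procs) {
        $byPid[$p.ProcessId] = $p
        if (-not $children.ContainsKey($p.ParentProcessId)) { $children[$p.ParentProcessId] = @() }
        $children[$p.ParentProcessId] += $p
    }

    # Windows records only the parent's PID, not a reference to the parent. If the parent
    # exited and its PID was reused, the "parent" may be younger than the child; treat such
    # a process as a root rather than showing a false lineage (Process Explorer does the same).
    $roots = $procs | Where-Object {
        $parent = $byPid[$_.ParentProcessId]
        $reused = $parent -and $parent.CreationDate -and $_.CreationDate -and ($parent.CreationDate -gt $_.CreationDate)
        ($null -eq $parent) -or ($_.ParentProcessId -eq $_.ProcessId) -or $reused
    }
    if ($RootName) { $roots = $procs | Where-Object { $_.Name -like $RootName } }

    function Write-Node($p, $depth) {
        # Indent each generation so the output reads like the Process Explorer tree
        "{0}{1} (PID {2}, parent PID {3})" -f ('  ' * $depth), $p.Name, $p.ProcessId, $p.ParentProcessId
        foreach ($c in $children[$p.ProcessId]) {
            # Guard against the self-parented System Idle Process (PID 0) recursing forever
            if ($c.ProcessId -ne $p.ProcessId) { Write-Node $c ($depth + 1) }
        }
    }
    foreach ($r in ($roots | Sort-Object ProcessId)) { Write-Node $r 0 }
}

# Reproduce the notepad-from-cmd case from the post: show only trees rooted at cmd.exe
Get-ProcessTree -RootName 'cmd.exe'
```

Run it with no -RootName to print the whole tree; a process that appears as its own root with a non-zero parent PID is one whose creator has already exited.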

Hardware monitoring in graph form (CPU/RAM etc)

Resource Monitor has this but is rather cumbersome to use. We can see how much RAM has been used easily in this example.

More accurate reporting of stats

Process Explorer shows you when processes are using less than 1% of the processor (down to 0.01%). Many times you will look in Task Manager and it will show you processes that are using 1% of the CPU, but anything less than that is ignored.

Process highlighting

Inside Process Explorer, you can turn on process highlighting to see at a glance what kind of process each one is. Is it a service, a user process, a packed process? The latter is rather useful for detecting malware. Note the lack of colours in the Task Manager picture above.

Troubleshooting problems by using Thread Stack Traces (rather advanced)

Need to know what your process is doing in depth? What APIs it's calling? Stack traces are the way to go. With Debugging Tools for Windows you will see the specific APIs for Windows processes, but without the debugging files you will only see offsets, as in my example (debugging tools were not installed on this system at the time). If you can get hold of the debugging file for an exe you can use that too!

Summary

I've skipped lots of features: TCP, strings, GPU per process, command line switches, and malware diagnosis features, for a start. If you want to know more there are a bunch of videos on TechNet and Channel9 on how to use Process Explorer, including tutorials and in-depth coverage. Hopefully this little intro helps you out in your everyday computer use :-)
