Defrag Tools: #2 - Process Explorer
- Posted: Aug 06, 2012 at 4:28 PM
- 74,982 Views
- 12 Comments
In this episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Explorer. Process Explorer is a comprehensive replacement for Task Manager. It allows you to view the details of the processes running on the computer, both at a point in time and historically. The performance graphs allow you to view the CPU, I/O, Memory and GPU usage. Process Explorer can be used to find file locks, loaded DLLs, autostart locations, and many more things.
Resources:
Sysinternals Process Explorer
Timeline:
[00:15] - www.sysinternals.com
[01:18] - Launching & EULA
[02:45] - Task Manager vs. Process Explorer
[03:30] - CPU Usage
[05:00] - OS Support - Windows XP/2003 SP3 and above - x86, x64 and IA64
[05:25] - Multiple Architecture binary - procexp.exe (32bit) creates procexp64.exe (64bit) on x64 system
[06:53] - "Show Details for all users" to access all processes
[07:24] - Interrupts not shown in Task Manager (it's in Idle)
[07:56] - Performance Graphs - Menu, Tray and System Information
[09:00] - System Commit (Limit) - Physical Memory + Pagefile
[10:22] - Historical data via tooltips on graphs
[11:24] - Always run Process Explorer - "procexp.exe /t /e" will run it elevated and immediately minimize it to the notification tray (note: these switches are order sensitive)
[13:12] - Data obtained via the Process Explorer device driver
[14:20] - Process Tree
[16:06] - Autostart Location and the Explore button (Jump to)
[17:30] - Find Window target tool
[18:07] - Security - Integrity Levels (and UAC Virtualization), ASLR and Verified Signer
[21:50] - Columns - Process, I/O, GPU, Handle (View), DLL (View) and .NET
[26:18] - Sysinternals Administrator's Reference - [Amazon]
[26:42] - File Menu
[26:55] - Options Menu - in particular: Replace Task Manager, Minimize to Tray and Configure Symbols
[36:40] - View Menu - in particular: Lower Pane, DLL View and Handle View (includes Find)
[39:12] - Process Menu
[39:43] - Find, Users and Help Menus
[40:00] - Properties dialog
[41:05] - Tooltip of service processes
Examples:
Case of the Unexplained... by Mark Russinovich
Sysinternals Gems by Aaron Margosis
As for compressed .exe files generally being malware:
There's this company called Skype. Which was purchased by Microsoft. The Skype.exe file is compressed.
I wonder why?
@Halconnen: I noticed that after we taped the show on a friend's machine. My guess is that they compress the EXE to reduce the size on disk.
@windev: After looking at a few other computers, some other applications that seem generally benign get marked purple as well. uTorrent is one I remember.
Here is the better ProcessExplorer:
http://processhacker.sourceforge.net/
It is opensource and you can learn much more about Windows.
The nub question is: I have a shortcut in my start up folder using the /t and /e options. Is there a way to configure my procexp.exe start up shortcut so that the UAC dialogue doesn't come up?
Use Task-Scheduler to bypass the UAC prompt:
https://www.google.de/#hl=en&sclient=psy-ab&q=bypass+uac+task+scheduler
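One concrete way to do what the reply above suggests, as an added example that is not part of the original thread: a scheduled task that starts Process Explorer elevated at logon with the switches from the [11:24] timeline entry, so no UAC prompt appears. It assumes procexp.exe is at the placeholder path C:\Tools\SysinternalsSuite\procexp.exe and that the task is registered from an already elevated PowerShell session on Windows 8 or later, where the ScheduledTasks cmdlets exist.

```powershell
# Added example (not from the show or the commenters): register a logon task that runs
# Process Explorer elevated and minimized to the tray, replacing the Startup-folder shortcut.
# Assumption: placeholder install path; adjust to where procexp.exe actually lives.
$ProcExp = 'C:\Tools\SysinternalsSuite\procexp.exe'
if (-not (Test-Path $ProcExp)) { throw "procexp.exe not found at $ProcExp" }

# Switch order matters (see the [11:24] note): /t minimizes to the tray, /e runs elevated.
$action = New-ScheduledTaskAction -Execute $ProcExp -Argument '/t /e' `
              -WorkingDirectory (Split-Path $ProcExp)

# Fire only for the current user, at that user's interactive logon.
$user    = "$env:USERDOMAIN\$env:USERNAME"
$trigger = New-ScheduledTaskTrigger -AtLogOn -User $user

# RunLevel Highest is what removes the per-logon UAC prompt. Creating a task with this
# run level itself requires an elevated session, so run this script from one.
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Highest

# Caveats a practitioner hits: Task Scheduler skips logon tasks on battery by default,
# and its default execution time limit would stop (kill) Process Explorer after a few
# days. TimeSpan.Zero (PT0S) disables that limit.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
                -ExecutionTimeLimit ([TimeSpan]::Zero)

Register-ScheduledTask -TaskPath '\Sysinternals\' -TaskName 'Process Explorer (tray)' `
    -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Force

# Verify what was registered: expect RunLevel 'Highest' and the argument string '/t /e'.
Get-ScheduledTask -TaskPath '\Sysinternals\' -TaskName 'Process Explorer (tray)' |
    ForEach-Object { $_.Principal.RunLevel; $_.Actions.Arguments }
```

After registering, remove the old shortcut from the Startup folder, otherwise procexp.exe will be started twice and the shortcut copy will still prompt.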
This was very helpful, many thanks.
I love that I have been inducted into the uber elite of IT just by watching this show. You guys are AMAZING ;)
I'm running Windows 8. I followed the steps in this video and the previous one to get the symbols to show up, but they're not showing up. I copied and ran the scripts from the previous video. I also changed the paths process explorer as directed in this video. Any idea why I can't get the symbols?
This video has English subtitles for?
I figured it out. I had to jump to Episode 28 to get the info. Thanks!
Oops. I meant Episode 23.