Defrag Tools: #2 - Process Explorer

Play Defrag Tools: #2 - Process Explorer
Sign in to queue


In this episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Explorer. Process Explorer is a comprehensive replacement for Task Manager. It allows you to view the details of the processes running on the computer, both at a point in time and historically. The performance graphs allow you to view the CPU, I/O, Memory and GPU usage. Process Explorer can be used to find file locks, loaded DLLs, autostart locations, and many more things.

Sysinternals Process Explorer

[00:15] -
[01:18] - Launching & EULA
[02:45] - Task Manager vs. Process Explorer
[03:30] - CPU Usage
[05:00] - OS Support - Windows XP/2003 SP3 and above - x86, x64 and IA64
[05:25] - Multiple Architecture binary - procexp.exe (32bit) creates procexp64.exe (64bit) on x64 system
[06:53] - "Show Details for all users" to access all processes
[07:24] - Interrupts not shown in Task Manager (it's in Idle)
[07:56] - Performance Graphs - Menu, Tray and System Information
[09:00] - System Commit (Limit) - Physical Memory + Pagefile
[10:22] - Historical data via tooltips on graphs
[11:24] - Always run Process Explorer - "procexp.exe /t /e" with run it elevated and will immediately minimize it to the notification tray (note, these switches are order sensitive)
[13:12] - Data obtained via the Process Explorer device driver
[14:20] - Process Tree
[16:06] - Autostart Location and the Explore button (Jump to)
[17:30] - Find Window target tool
[18:07] - Security - Integrity Levels (and UAC Virtualization), ASLR and Verified Signer
[21:50] - Columns - Process, I/O, GPU, Handle (View), DLL (View) and .NET
[26:18] - Sysinternals Administrator's Reference - [Amazon]
[26:42] - File Menu
[26:55] - Options Menu - in particular: Replace Task Manager, Minimize to Tray and Configure Symbols
[36:40] - View Menu - in particular: Lower Pane, DLL View and Handle View (includes Find)
[39:12] - Process Menu
[39:43] - Find, Users and Help Menus
[40:00] - Properties dialog
[41:05] - Tooltip of service processes

Case of the Unexplained... by Mark Russinovich
Sysinternals Gems by Aaron Margosis



Right click to download this episode

The Discussion

  • User profile image

    As for compressed .exe files generally being malware:

    There's this company called Skype. Which was purchased by Microsoft. The Skype.exe file is compressed.

    I wonder why?

  • User profile image

    @Halconnen: I noticed that after we taped the show on a friend's machine.  My guess is that they compress the EXE to reduce the size on disk.

  • User profile image

    @windev: After looking at a few other computers, some other applications that seem generally benign get marked purple as well. uTorrent is one I remember.

  • User profile image
    Better ​Process​Explroer

    Here is the better ProcessExplorer:

    It is opensource and you can learn much more about Windows.

  • User profile image

    The nub question is: I have a shortcut in my start up folder using the t and /e options. Is there a way to configure my procexp.exe start up shortcut so that the UAC dialogue doesn't come up.

  • User profile image
  • User profile image

    this was very helpfull many thanks

  • User profile image

    I love that I have been inducted into the uber elite of IT just by watching this show. You guys are AMAZING ;)

  • User profile image

    I'm running Windows 8. I followed the steps in this video and the previous one to get the symbols to show up, but they're not showing up. I copied and ran the scripts from the previous video. I also changed the paths process explorer as directed in this video. Any idea why I can't get the symbols?

  • User profile image

    This video has English subtitles for?  Cool


  • User profile image

    I figured it out. I had to jump to Episode 28 to get the info. Thanks!

  • User profile image

    Oops. I meant Episode 23.

Add Your 2 Cents