Defrag Tools: #2 - Process Explorer

Download this episode

Download Video


In this episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Explorer. Process Explorer is a comprehensive replacement for Task Manager. It allows you to view the details of the processes running on the computer, both at a point in time and historically. The performance graphs allow you to view the CPU, I/O, Memory and GPU usage. Process Explorer can be used to find file locks, loaded DLLs, autostart locations, and many more things.

Sysinternals Process Explorer

[00:15] -
[01:18] - Launching & EULA
[02:45] - Task Manager vs. Process Explorer
[03:30] - CPU Usage
[05:00] - OS Support - Windows XP/2003 SP3 and above - x86, x64 and IA64
[05:25] - Multiple Architecture binary - procexp.exe (32bit) creates procexp64.exe (64bit) on x64 system
[06:53] - "Show Details for all users" to access all processes
[07:24] - Interrupts not shown in Task Manager (it's in Idle)
[07:56] - Performance Graphs - Menu, Tray and System Information
[09:00] - System Commit (Limit) - Physical Memory + Pagefile
[10:22] - Historical data via tooltips on graphs
[11:24] - Always run Process Explorer - "procexp.exe /t /e" with run it elevated and will immediately minimize it to the notification tray (note, these switches are order sensitive)
[13:12] - Data obtained via the Process Explorer device driver
[14:20] - Process Tree
[16:06] - Autostart Location and the Explore button (Jump to)
[17:30] - Find Window target tool
[18:07] - Security - Integrity Levels (and UAC Virtualization), ASLR and Verified Signer
[21:50] - Columns - Process, I/O, GPU, Handle (View), DLL (View) and .NET
[26:18] - Sysinternals Administrator's Reference - [Amazon]
[26:42] - File Menu
[26:55] - Options Menu - in particular: Replace Task Manager, Minimize to Tray and Configure Symbols
[36:40] - View Menu - in particular: Lower Pane, DLL View and Handle View (includes Find)
[39:12] - Process Menu
[39:43] - Find, Users and Help Menus
[40:00] - Properties dialog
[41:05] - Tooltip of service processes

Case of the Unexplained... by Mark Russinovich
Sysinternals Gems by Aaron Margosis



Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image

      As for compressed .exe files generally being malware:

      There's this company called Skype. Which was purchased by Microsoft. The Skype.exe file is compressed.

      I wonder why?

    • User profile image

      @Halconnen: I noticed that after we taped the show on a friend's machine.  My guess is that they compress the EXE to reduce the size on disk.

    • User profile image

      @windev: After looking at a few other computers, some other applications that seem generally benign get marked purple as well. uTorrent is one I remember.

    • User profile image
      Better ​Process​Explroer

      Here is the better ProcessExplorer:

      It is opensource and you can learn much more about Windows.

    • User profile image

      The nub question is: I have a shortcut in my start up folder using the t and /e options. Is there a way to configure my procexp.exe start up shortcut so that the UAC dialogue doesn't come up.

    • User profile image
    • User profile image

      this was very helpfull many thanks

    • User profile image

      I love that I have been inducted into the uber elite of IT just by watching this show. You guys are AMAZING ;)

    • User profile image

      I'm running Windows 8. I followed the steps in this video and the previous one to get the symbols to show up, but they're not showing up. I copied and ran the scripts from the previous video. I also changed the paths process explorer as directed in this video. Any idea why I can't get the symbols?

    • User profile image

      This video has English subtitles for?  Cool


    • User profile image

      I figured it out. I had to jump to Episode 28 to get the info. Thanks!

    • User profile image

      Oops. I meant Episode 23.

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.