Defrag Tools: #2 - Process Explorer

Download this episode

Download Video


In this episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Explorer. Process Explorer is a comprehensive replacement for Task Manager. It allows you to view the details of the processes running on the computer, both at a point in time and historically. The performance graphs allow you to view the CPU, I/O, Memory and GPU usage. Process Explorer can be used to find file locks, loaded DLLs, autostart locations, and many more things.

Sysinternals Process Explorer

[00:15] -
[01:18] - Launching & EULA
[02:45] - Task Manager vs. Process Explorer
[03:30] - CPU Usage
[05:00] - OS Support - Windows XP/2003 SP3 and above - x86, x64 and IA64
[05:25] - Multiple Architecture binary - procexp.exe (32bit) creates procexp64.exe (64bit) on x64 system
[06:53] - "Show Details for all users" to access all processes
[07:24] - Interrupts not shown in Task Manager (it's in Idle)
[07:56] - Performance Graphs - Menu, Tray and System Information
[09:00] - System Commit (Limit) - Physical Memory + Pagefile
[10:22] - Historical data via tooltips on graphs
[11:24] - Always run Process Explorer - "procexp.exe /t /e" with run it elevated and will immediately minimize it to the notification tray (note, these switches are order sensitive)
[13:12] - Data obtained via the Process Explorer device driver
[14:20] - Process Tree
[16:06] - Autostart Location and the Explore button (Jump to)
[17:30] - Find Window target tool
[18:07] - Security - Integrity Levels (and UAC Virtualization), ASLR and Verified Signer
[21:50] - Columns - Process, I/O, GPU, Handle (View), DLL (View) and .NET
[26:18] - Sysinternals Administrator's Reference - [Amazon]
[26:42] - File Menu
[26:55] - Options Menu - in particular: Replace Task Manager, Minimize to Tray and Configure Symbols
[36:40] - View Menu - in particular: Lower Pane, DLL View and Handle View (includes Find)
[39:12] - Process Menu
[39:43] - Find, Users and Help Menus
[40:00] - Properties dialog
[41:05] - Tooltip of service processes

Case of the Unexplained... by Mark Russinovich
Sysinternals Gems by Aaron Margosis



Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image

      As for compressed .exe files generally being malware:

      There's this company called Skype. Which was purchased by Microsoft. The Skype.exe file is compressed.

      I wonder why?

    • User profile image

      @Halconnen: I noticed that after we taped the show on a friend's machine.  My guess is that they compress the EXE to reduce the size on disk.

    • User profile image

      @windev: After looking at a few other computers, some other applications that seem generally benign get marked purple as well. uTorrent is one I remember.

    • User profile image
      Better ​Process​Explroer

      Here is the better ProcessExplorer:

      It is opensource and you can learn much more about Windows.

    • User profile image

      The nub question is: I have a shortcut in my start up folder using the t and /e options. Is there a way to configure my procexp.exe start up shortcut so that the UAC dialogue doesn't come up.

    • User profile image
    • User profile image

      this was very helpfull many thanks

    • User profile image

      I love that I have been inducted into the uber elite of IT just by watching this show. You guys are AMAZING ;)

    • User profile image

      I'm running Windows 8. I followed the steps in this video and the previous one to get the symbols to show up, but they're not showing up. I copied and ran the scripts from the previous video. I also changed the paths process explorer as directed in this video. Any idea why I can't get the symbols?

    • User profile image

      This video has English subtitles for?  Cool


    • User profile image

      I figured it out. I had to jump to Episode 28 to get the info. Thanks!

    • User profile image

      Oops. I meant Episode 23.

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.