Process Explorer - Sysinternals

Overview

• Process Explorer is a tool by Sysinternals and is now under Microsoft.
• Provides information about which handles and DLLs processes have opened or loaded.
• Useful for diagnosing DLL-version problems and handle leaks.
• Offers insight into Windows and applications' operations.

Features

• Two sub-windows:
  • Top window: Displays currently active processes and their owning accounts.
  • Bottom window: Shows handles or DLLs and memory-mapped files based on mode.
• Powerful search capability for processes with specific handles or DLLs.

Usage and Installation

• Download size: 3.3 MB
• Installation: Simply run Process Explorer (procexp.exe).
• Compatibility:
  • Client: Windows 10 and higher.
  • Server: Windows Server 2016 and higher.

Related Tools and Resources

• Handle: A command-line handle viewer.
• ListDLLs: A command-line DLL viewer.
• PsList: A local/remote command-line process lister.
• PsKill: A local/remote command-line process killer.
• Windows Internals Book: By Mark Russinovich and David Solomon.
• Windows Sysinternals Administrator's Reference: Guide by Mark Russinovich and Aaron Margosis.

Additional Resources

• Video tutorials and episodes on how to use Process Explorer effectively.
• Training modules on support and diagnostic tools for troubleshooting Windows.
• Sysinternals Suite includes a collection of tools for Windows diagnostics.

Notes on Symbols

• Path to DBGHELP.DLL and symbol server configuration is needed.
• SYMSRV.DLL must support the server paths used.