(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix |
Process viewers are very useful in detecting and removing spyware. Any decent OS should provide both a command line and a GUI version of this tool.
In Windows the ability to show the path from which a particular component is loaded is very important. A good tool should also give the ability to annotate entries and reproduce the annotations in subsequent runs, as remembering what each process means in Windows is a next to impossible task even for a Windows professional, to say nothing of regular users.
Microsoft, due to its monopoly position, should supposedly be an integrator of good ideas from third party software into the next version of Windows. Instead, like any large corporation, it gradually became a typical lazy, greedy predator of the corporate jungle. Under Bill Gates this process was just much slower than usual. The situation with networking worms and other malware on Windows was quite clear during the Windows 2000 prime time, if not earlier. Still, Windows 7 and Office 2010 demonstrate quite clearly that Microsoft has deteriorated as a software development company.
Tips:
Unfortunately Microsoft cut corners in the design of the built-in process viewer and it has severe limitations:
- It is impossible to save process information to a file. Here Igor Nys's PrcView shines, as it has a command line variant, pv.exe. The design of this program is really excellent, far, far better than anything Microsoft supplies. There is no way to save information in the current version other than taking a screenshot. PrcView has a Save Current View button (F2): you can use Menu/Toolbar in the main view or F2 in any view to save the information in the corresponding window.
- There is no Process Finder Tool. In Windows it is as important as a handgun in an encounter with a criminal, especially when you get a pop-up from scareware that asks you to pay money or ... :-). With the Process Finder Tool you can find the process corresponding to a selected window. Here Igor Nys's PrcView shines again (the steps are described in the PrcView section below).
- There is no information about the exact path of the file from which the process was created. All I can say is: shame on you, Microsoft. With the amount of spyware for Windows, not to supply the path is worse than a crime, it is a blunder...
- There is no way to view properties of the process such as the organization that created the executable, whether the executable is signed or not, its version and so on. PrcView shines here as well: if you click on the name of the process it supplies a pop-up with all the necessary information. Mark Russinovich's Process Explorer and Process Monitor are also not bad.
- There is no information about the relationship of GUIDs to files and registry entries. The registry mess created a lot of problems in determining which registry entries are related to a particular executable. There are so many places where malware can be inserted in the Windows registry that I started thinking this was an idea sponsored by antivirus companies ;-). I generally hate Microsoft's globally unique identifiers (GUIDs). They proved to be a treasure trove for malware writers. ActiveX uses a GUID to identify each control. The idea is that you are not supposed to need the path, so on a particular computer a GUID is nothing but a long unreadable alias for a file, and there are no tools that can easily relate it to the actual file. Here is a Wikipedia write-up that demonstrates how messy this mess is:
In the Microsoft Component Object Model (COM), GUIDs are used to uniquely distinguish different software component interfaces. This means that two (possibly incompatible) versions of a component can have exactly the same name but still be distinguishable by their GUIDs. For example, in the creation of components for Microsoft Windows using COM, all components must implement the IUnknown interface to allow client code to find all other interfaces and features of that component, and they do this by creating a GUID which may be called upon to provide an entry point. The IUnknown interface is defined as a GUID with the value of {00000000-0000-0000-C000-000000000046}, and rather than having a named entry point called "IUnknown", the preceding GUID is used, thus every component that provides an IUnknown entry point gives the same GUID, and every program that looks for an IUnknown interface in a component always uses that GUID to find the entry point, knowing that an application using that particular GUID must always consistently implement IUnknown in the same manner and the same way.
GUIDs are also inserted into documents from Microsoft Office programs. Even audio or video streams in the Advanced Systems Format (ASF) are identified by their GUIDs.
There are several flavors of GUIDs used in COM:
- IID – interface identifier; (The ones that are registered on a system are stored in the Windows Registry at the key HKEY_CLASSES_ROOT\Interface)
- CLSID – class identifier; (Stored in the registry at HKEY_CLASSES_ROOT\CLSID)
- LIBID – type library identifier;
- CATID – category identifier; (its presence on a class identifies it as belonging to certain class categories)
DCOM introduces many additional GUID subtypes:
- AppID – application identifier;
- MID – machine identifier;
- IPID – interface pointer identifier; (applicable to an interface engaged in RPC)
- CID – causality identifier; (applicable to a RPC session)
- OID – object identifier; (applicable to an object instance)
- OXID – object exporter identifier; (applicable to an instance of the system object that performs RPC)
- SETID – ping set identifier; (applicable to a group of objects)
These GUID subspaces may overlap, as the context of GUID usage defines its subtype. For example, there might be a class using the same GUID for its CLSID as another class is using for its IID — all without a problem. On the other hand, two classes using the same CLSID could not co-exist.
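The complaint above is that nothing relates a CLSID to the file behind it. The registry itself holds that link: each class under HKEY_CLASSES_ROOT\CLSID names its implementation in an InprocServer32 (DLL) or LocalServer32 (EXE) subkey. The following script, an added example that is not part of the page or of any tool it describes, parses a "reg export" style text fragment, maps every CLSID to its friendly name and server file, and lists the classes whose server lives outside the Windows and Program Files directories, which is the kind of entry a spyware hunt wants to look at first. The GUIDs, names and paths in the fragment are constructed for illustration; the subkey names and the .reg file syntax are real.

```python
"""Map CLSIDs in a .reg export to the files that implement them (added example)."""
import re
from typing import Dict, List, Optional

# Constructed fragment in the "Windows Registry Editor Version 5.00" text format.
# Real exports are UTF-16LE with a BOM: read them with open(path, encoding="utf-16").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-AAAA-BBBB-CCCC-000000000001}]
@="Sample In-Process Control"

[HKEY_CLASSES_ROOT\CLSID\{11111111-AAAA-BBBB-CCCC-000000000001}\InprocServer32]
@="C:\\WINDOWS\\system32\\sample.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{22222222-AAAA-BBBB-CCCC-000000000002}]
@="Sample Out-of-Process Server"

[HKEY_CLASSES_ROOT\CLSID\{22222222-AAAA-BBBB-CCCC-000000000002}\LocalServer32]
@="\"C:\\Program Files\\Sample\\server.exe\" /automation"

[HKEY_CLASSES_ROOT\CLSID\{33333333-AAAA-BBBB-CCCC-000000000003}]
@="Helper Object"

[HKEY_CLASSES_ROOT\CLSID\{33333333-AAAA-BBBB-CCCC-000000000003}\InprocServer32]
@="C:\\Documents and Settings\\user\\Local Settings\\Temp\\helper.dll"
"""

# Key line: [HKEY_CLASSES_ROOT\CLSID\{guid}] or [HKEY_CLASSES_ROOT\CLSID\{guid}\Subkey]
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\([^\]\\]+))?\]$")
SERVER_SUBKEYS = ("InprocServer32", "LocalServer32")   # real COM registration subkeys
# Directories a COM server is normally installed under (assumption for this example)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def unquote_reg_string(raw: str) -> str:
    """Turn a .reg string literal ("...") back into its plain value."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
    return re.sub(r'\\(["\\])', r"\1", raw)   # undo \\ and \" escapes


def executable_from_server_value(value: str) -> str:
    """Extract the image path from a server value that may carry arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    # Unquoted: drop trailing " /switch" or " -switch" arguments (simplification)
    return re.sub(r"\s+[/-].*$", "", value)


def parse_clsid_export(text: str) -> Dict[str, dict]:
    """Return {clsid: {"name", "kind", "path"}} for every class in the export."""
    entries: Dict[str, dict] = {}
    current_guid: Optional[str] = None
    current_subkey: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_guid, current_subkey = m.group(1), m.group(2)
            entries.setdefault(current_guid, {"name": None, "kind": None, "path": None})
            continue
        if current_guid is None or not line.startswith("@="):
            continue                       # only the (Default) value matters here
        value = unquote_reg_string(line[2:])
        if current_subkey is None:
            entries[current_guid]["name"] = value
        elif current_subkey in SERVER_SUBKEYS:
            entries[current_guid]["kind"] = current_subkey
            entries[current_guid]["path"] = executable_from_server_value(value)
    return entries


def find_unusual_servers(entries: Dict[str, dict], trusted_prefixes=TRUSTED_PREFIXES) -> List[str]:
    """CLSIDs whose server file sits outside the trusted directories."""
    prefixes = tuple(p.lower() for p in trusted_prefixes)
    return [guid for guid, info in entries.items()
            if info["path"] is not None and not info["path"].lower().startswith(prefixes)]


if __name__ == "__main__":
    table = parse_clsid_export(SAMPLE_REG)
    for guid, info in table.items():
        print(f"{guid}  {info['name']!s:32} {info['kind']!s:15} {info['path']}")
    print("Servers outside trusted locations:", find_unusual_servers(table))
```

On a real machine, export the hive with "reg export HKCR\CLSID clsid.reg" and feed the file to parse_clsid_export; a server path under a temp or user profile directory is not proof of malware, but it is exactly the entry worth checking against the process viewer's module list.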
I hope that eventually Microsoft will lose profitability and will be buried under the weight of complexity tsunami it created ;-)
And while the process viewer is only a small part of Windows, it tells a lot about Microsoft as a software developer. This situation is one reason why alternative process viewers proliferated and became an indispensable additional tool for Windows. There are several reasonable choices among free process viewers:
Process Explorer. This is free software from Microsoft (Sysinternals). It is actively supported. The current version as of August 2012 is 15.22. From the Technet page:
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
PrcView. This is the best choice for Windows XP, but the program is abandonware and has not been updated since 2006. I generally recommend it for complex tasks like spyware search. PrcView consists of two independent components:
- GUI utility prcview.exe. Very nice, very polished, very well designed.
- Command line utility pv.exe. Option -e provides extended information. For example, pv -e produces a nice baseline of running processes that includes both the PID and the path to the executable.
What is important, it can give you the full list of DLLs for each running application, including full path, version information, vendor and other information from the header (right click on each application produces a menu with more than a dozen options).
Important: you can write the list of processes to a file, creating a baseline. "Before" and "after" snapshots of the processes after boot, when compared to one another (for example, using the Windiff.exe utility included in the Windows 2000 Resource Kit or in the Windows XP Support Tools, or other diff tools), can reveal exactly what happened.
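A plain diff of two snapshots is noisy because PIDs change from boot to boot. The script below, an added example that is not PrcView's or Windiff's code, compares two snapshots by image name and full path instead: it reports images that appeared or disappeared and, separately, a known image name now running from a path the baseline never had, which is the classic sign of a look-alike process (a second "svchost.exe" living in a temp directory). The snapshot format is constructed for this example, one tab-separated record per line with name, PID, path and owner, which is the information pv -e or Process Explorer can export; the process names and paths are made up.

```python
"""Compare a baseline process snapshot with a later one (added example)."""
from collections import Counter
from typing import Dict, List, NamedTuple, Set, Tuple


class Proc(NamedTuple):
    name: str
    pid: int
    path: str
    owner: str


# Constructed snapshots: header line, then tab-separated records.
BASELINE = """\
ImageName\tPID\tPath\tOwner
smss.exe\t180\tC:\\WINDOWS\\system32\\smss.exe\tNT AUTHORITY\\SYSTEM
svchost.exe\t436\tC:\\WINDOWS\\system32\\svchost.exe\tNT AUTHORITY\\SYSTEM
svchost.exe\t512\tC:\\WINDOWS\\system32\\svchost.exe\tNT AUTHORITY\\SYSTEM
explorer.exe\t616\tC:\\WINDOWS\\explorer.exe\tNEPTUNE\\Administrator
"""

CURRENT = """\
ImageName\tPID\tPath\tOwner
smss.exe\t180\tC:\\WINDOWS\\system32\\smss.exe\tNT AUTHORITY\\SYSTEM
svchost.exe\t436\tC:\\WINDOWS\\system32\\svchost.exe\tNT AUTHORITY\\SYSTEM
svchost.exe\t520\tC:\\WINDOWS\\system32\\svchost.exe\tNT AUTHORITY\\SYSTEM
svchost.exe\t1412\tC:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\svchost.exe\tNEPTUNE\\Administrator
explorer.exe\t616\tC:\\WINDOWS\\explorer.exe\tNEPTUNE\\Administrator
updater.exe\t1500\tC:\\Program Files\\Updater\\updater.exe\tNEPTUNE\\Administrator
"""

Key = Tuple[str, str]   # (lower-cased image name, lower-cased full path)


def parse_snapshot(text: str) -> List[Proc]:
    """Parse the tab-separated snapshot format used by this example."""
    procs: List[Proc] = []
    for line in text.strip().splitlines()[1:]:   # skip the header line
        name, pid, path, owner = line.split("\t")
        procs.append(Proc(name, int(pid), path, owner))
    return procs


def _key(p: Proc) -> Key:
    return (p.name.lower(), p.path.lower())


def diff_snapshots(before: List[Proc], after: List[Proc]) -> Dict[str, List[Key]]:
    """Report what changed between two snapshots, ignoring PID churn.

    added / removed: image+path combinations whose instance count went up or down.
    same_name_new_path: an image name known from the baseline, now also running
    from a path the baseline never showed for that name.
    """
    before_counts = Counter(_key(p) for p in before)
    after_counts = Counter(_key(p) for p in after)
    added = sorted(k for k in after_counts if after_counts[k] > before_counts[k])
    removed = sorted(k for k in before_counts if before_counts[k] > after_counts[k])

    baseline_paths: Dict[str, Set[str]] = {}
    for name, path in before_counts:
        baseline_paths.setdefault(name, set()).add(path)
    look_alikes = sorted(
        k for k in after_counts
        if k[0] in baseline_paths and k[1] not in baseline_paths[k[0]]
    )
    return {"added": added, "removed": removed, "same_name_new_path": look_alikes}


def format_report(result: Dict[str, List[Key]]) -> List[str]:
    """Render the diff as one line per finding (empty list means nothing changed)."""
    lines: List[str] = []
    for label, keys in (("NEW", result["added"]),
                        ("GONE", result["removed"]),
                        ("LOOK-ALIKE", result["same_name_new_path"])):
        lines.extend(f"{label:10} {name}  {path}" for name, path in keys)
    return lines


if __name__ == "__main__":
    report = diff_snapshots(parse_snapshot(BASELINE), parse_snapshot(CURRENT))
    print("\n".join(format_report(report)) or "no changes")
```

The second svchost.exe instance with a new PID (520) is not reported, because its name and path already exist in the baseline; only the temp-directory copy and the new updater.exe show up, and the temp copy is additionally flagged as a look-alike of a known system image.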
HijackThis is a utility which proved to be very useful in searching for spyware. It includes a built-in process viewer, but standalone process viewers like PrcView are more comprehensive as to information about running processes. The key drawback is that there is no way to run this program in command line mode.
PsList by Mark Russinovich can also be used. This is a high quality tool that is now distributed by Microsoft; Mark Russinovich continues to maintain it after joining Microsoft.
FAR Manager contains a primitive process explorer plug-in as well as a registry viewer plug-in. That might be useful in some situations.
Free command line tool from Microsoft: PViewer (Process Viewer from the Microsoft Resource Kit). It also displays information about a running process and allows you to stop (kill) processes and change process priority.
Microsoft Windows Defender includes a process viewer. Unfortunately there is no such tool in Microsoft Security Essentials.
June 4, 2012, http://www.techsupportalert.com/
System Explorer was referred by a site visitor and was new to me, although it has been around a couple of years. It did not take me long to appreciate all that this program has to offer, and I was pleasantly surprised by how easy it is to use.
This application has some truly useful features available, such as the ability to take and compare snapshots of your files and registry, to upload files to Virustotal, and to perform an online look up of files or processes straight from the GUI. This handy process viewer also gives you mouse over information on known files, as well as many options to further manipulate processes, files, and services. Everything you need to get to is organized in a left-hand column and you can view everything from your services and processes, Internet Explorer Add-ons, to protocol filters and handlers for Windows Explorer.
I admit a lot of this stuff you might not use very much and some software can get kind of bloated when there are this many features but it is no problem here, and everything fits together very nicely. In my opinion, System Explorer is absolutely the best free process viewer available even if it is missing a few of the more advanced features.
Process Hacker and Process Explorer share a very similar interface, the only difference being the drop down information bar in Process Explorer. However, this is the only feature that the Sysinternals crew wins at. Process Hacker is a feature rich application with the ability to terminate those pesky processes that you are not allowed to kill in the Windows Task Manager and even Process Explorer. It can also sniff out some hidden processes, allowing you to find some basic rootkits if you are infected. This tool offers loads more features than I have mentioned, and contains almost everything you will ever need in a process viewer.
I had a hard time moving Process Explorer from its top spot, and what it finally came down to was the lack of features. I'm sure some average users who just want to tame a process, kill a hanging program, or check on memory consumption will appreciate the lesser amount of features. The bottom line is that while this application did fall a few spots, it will remain one of the best and most solid choices for anyone who is looking for a little more than the Windows Task Manager offers.
Remote Process Viewer is a free remote Windows Task Manager for your network. It displays all processes currently running on a chosen network client. This remote process explorer shows detailed information for all running processes on the remote computer and reveals information such as the process file name, full path, PID (process identifier), RAM, CPU time, Handles, PID of the parent process, user session ID, number of threads and process priority.
There is absolutely no installation required. Simply download and run the software. Select a client you want to analyze. Now you see all processes on the remote computer. Remote Process Viewer uses the WMI service built into Windows. This means it does not require any additional software installation on the computers that you are connecting to (agentless monitoring).
February 4, 2009. Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
November 3, 2009
Download Process Monitor (1.24 MB)
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Overview of Process Monitor Capabilities
Process Monitor includes powerful monitoring and filtering capabilities, including:
- More data captured for operation input and output parameters
- Non-destructive filters allow you to set filters without losing data
- Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
- Reliable capture of process details, including image path, command line, user and session ID
- Configurable and moveable columns for any event property
- Filters can be set for any data field, including fields not configured as columns
- Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
- Process tree tool shows relationship of all processes referenced in a trace
- Native log format preserves all data for loading in a different Process Monitor instance
- Process tooltip for easy viewing of process image information
- Detail tooltip allows convenient access to formatted data that doesn't fit in the column
- Cancellable search
- Boot time logging of all operations
The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.
09/22/2008
... ... ...
Autoruns
Unnecessary services and applications that run whenever you start your PC or log in to it are a big cause of system slowdowns. Unfortunately, it's tough to identify every item that starts up, because nothing in Windows gives you such information. That's why you need this free tool. It displays every program and service running and offers a great deal of detail about each, such as associated .dll files, the program or service name, and its location on your PC. With that knowledge, you can decide what you don't want to run on startup.
Download Autoruns | Price: Free
Security Task Manager
Similar to Autoruns, this excellent tool shows you every running program and process. The utility also indicates whether the program is likely malicious, its type, how it launched (for example, upon startup or from within Windows Explorer), and the file name. It lets you delete any program and process with a single click. It also rates files according to how harmless or dangerous they may be. To stop a program, highlight it, click Remove, and you're done.
Download Security Task Manager | Price: $29 (Trial)
WinPatrol
This very good all-around system optimizer frees your PC of unnecessary programs that run on startup and keeps it clean of spyware and other malware. Whenever a program tries to start automatically, WinPatrol sends you an alert so you can block it. In addition, it shows details about the program, including the creator, when the program was added, the file name, and so on. The Delayed Start feature allows you to put off the launch of certain programs for up to an hour. That way, you'll still have access to the program when you need it.
Download WinPatrol | Price: Free
Trend Micro has acquired HijackThis, the freeware spyware-removal program created by Merijn Bellekom.
Financial terms of the deal, believed to be all-cash, were not released. This is the second transaction between Trend Micro and Bellekom, following the company's purchase of CWShredder, a standalone utility used to remove the virulent Cool Web Search spyware program.
HijackThis is the de-facto standard for spyware removal from Windows systems. The tool generates a plaintext logfile detailing all entries - registry and file settings - it finds and offers tech-savvy users the ability to remove or disable files associated with malware.
November 1, 2006. Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors, and Windows Vista.
PViewer (Process Viewer from the Microsoft Resource Kit). This GUI tool displays information about a running process and allows you to stop processes and change process priority.
Note
- Process Viewer is similar to Pview.exe, but it can view processes on remote computers.
Security Task Manager shows all active processes on your computer. You can easily recognize the endangering potential of each process. No other Task Manager or Process Viewer has this feature. Furthermore you can put a process into quarantine or search the internet for information about that process.
Small command line utility to view, kill, suspend or set the priority and affinity of processes, perhaps from a batch file. Has a virus disabled your Task Manager? Or perhaps your Administrator has?
The Command Line Process Utility will function even when the task manager is disabled and/or the dreaded "Task Manager has been disabled by your Administrator" dialog box appears.
Works on remote machines with the Microsoft Telnet Server (tlntsvr) found on Windows 2000 and XP or with BeyondExec for Windows NT4/2000/XP.
View processes, owners, and CPU time . .
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]

ImageName          PID  Threads  Priority  CPU%
[System Process]     0        1         0   100  Error 0x6 : The handle is invalid.
System               8       43         8     0  Error 0x5 : Access is denied.
SMSS.EXE           180        6        11     0  NT AUTHORITY\SYSTEM
CSRSS.EXE          204       11        13     0  NT AUTHORITY\SYSTEM
WINLOGON.EXE       224       16        13     0  NT AUTHORITY\SYSTEM
SERVICES.EXE       252       33         9     0  NT AUTHORITY\SYSTEM
LSASS.EXE          264       16         9     0  NT AUTHORITY\SYSTEM
svchost.exe        436       10         8     0  NT AUTHORITY\SYSTEM
spoolsv.exe        468       15         8     0  NT AUTHORITY\SYSTEM
CrypServ.exe       496        3        13     0  NT AUTHORITY\SYSTEM
svchost.exe        512       28         8     0  NT AUTHORITY\SYSTEM
hidserv.exe        532        4         8     0  NT AUTHORITY\SYSTEM
jtagserver.exe     560        3         8     0  NT AUTHORITY\SYSTEM
mdm.exe            584        6         8     0  NT AUTHORITY\SYSTEM
nvsvc32.exe        628        2         8     0  NT AUTHORITY\SYSTEM
regsvc.exe         664        2         8     0  NT AUTHORITY\SYSTEM
mstask.exe         704        6         8     0  NT AUTHORITY\SYSTEM
stisvc.exe         728        4         8     0  NT AUTHORITY\SYSTEM
WinMgmt.exe        804        3         8     0  NT AUTHORITY\SYSTEM
mspmspsv.exe       876        2         8     0  NT AUTHORITY\SYSTEM
svchost.exe        896        5         8     0  NT AUTHORITY\SYSTEM
explorer.exe       616       15         8     0  NEPTUNE\Administrator
mixer.exe         1092        3         8     0  NEPTUNE\Administrator
PRISMSTA.exe      1048        1         8     0  NEPTUNE\Administrator
rundll32.exe       952        2         8     0  NEPTUNE\Administrator
DIRECTCD.EXE       960        3         8     0  NEPTUNE\Administrator
internat.exe      1180        1         8     0  NEPTUNE\Administrator
OSA.EXE           1192        2         8     0  NEPTUNE\Administrator
Icq.exe           1200       11         8     0  NEPTUNE\Administrator
devenv.exe        1324        4         8     0  NEPTUNE\Administrator
IEXPLORE.EXE      1140        7         8     0  NEPTUNE\Administrator
CMD.EXE           1340        1         8     0  NEPTUNE\Administrator
Process.exe       1132        1         8     0  NEPTUNE\Administrator

Additional switches can be used to display User and Kernel Times (-t) or the Creation Time of processes (-c).
Kill Processes . . .
Processes can be killed immediately (terminated without saving files or cleaning up) by specifying either the name or the PID (Process IDentifier). In cases where there are multiple processes running with the same name and you want to kill one specific process, you will need to use the PID.
C:\>process -k 748
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Killing PID 748 'winword.exe'

If an image name such as iexplore.exe is specified, the utility will kill all processes by that name.

C:\>process -k iexplore.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Killing PID 996 'iexplore.exe'
Killing PID 1832 'iexplore.exe'
Killing PID 1852 'iexplore.exe'
Killing PID 1692 'iexplore.exe'

Close Processes . . .
On the other hand, if you want to gracefully close programs by sending them a WM_CLOSE message first, you can use the -q option. This allows processes to clean up, save files, flush buffers etc. However, it can cause deadlocks: e.g. trying to close Microsoft Word when an unsaved but edited document is open will generate a dialog box "Do you want to save changes to document 1?". This will prevent winword.exe from exiting until a user responds to the prompt.
C:\>process -q wordpad.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Sending PID 1836 'wordpad.exe' WM_CLOSE Message. Timeout is 60 seconds.
wordpad.exe (PID 1836) has been closed successfully.

When this option is used a WM_CLOSE message is immediately sent to the process. The utility then waits up to a default of 60 seconds for the program to clean up and gracefully close before it is killed. A different timeout can be specified as an option after the PID/Image Name.
Suspend & Resume Processes . . .
Processes can be suspended if you need some extra CPU cycles without having to kill the process outright. Once the requirement for the extra CPU cycles has passed you may resume the process and carry on from where you left off. The process is suspended by sleeping all of the process's active threads.
C:\>process -s winword.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Suspending PID 748 'winword.exe' Threads [1084][308]

Suspending a process causes the threads to stop executing user-mode (application) code. It also increments a suspend count for each thread. Therefore if a process is suspended twice, two resume operations will be required to resume the process (decrement the suspend count to zero).
Change the priority of processes . . .
When viewing the list of processes, the 4th column shows the base priority of a process. This is a numeric value from zero (lowest priority) to 31 (highest priority). You may set the base priority of a process by specifying one of the priority classes below.
Low 4
BelowNormal 6
Normal 8
AboveNormal 10
High 13
Realtime 24
Please note that Windows NT4 does not support the Above Normal and Below Normal priority classes. Specifying these two parameters on a Windows NT4 machine will result in a "The parameter is incorrect" error.
C:\>process -p winword.exe high
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Setting PriorityClass on PID 748 'winword.exe' to 128

Change the affinity of processes . . .
The affinity is a mask which indicates on which processors (CPUs) a process can run. This is only useful on multiprocessor systems. When the -a option is used in conjunction with a process name or PID, the utility will show the System Affinity Mask and the Process Affinity Mask. The System Affinity Mask shows how many configured processors are currently available in a system. The Process Affinity Mask indicates on which processor(s) the specified process can run.
C:\>process -a wordpad.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Getting Affinity Mask for PID 1084 'wordpad.exe'
System  : 0x0001 0b00000000000000000000000000000011 [2 Installed Processor(s)]
Process : 0x0001 0b00000000000000000000000000000011

To set the affinity mask, simply append the binary mask after the PID/Image Name. Any leading zeros are ignored, so there is no requirement to enter the full 32 bit mask.

C:\>process -a wordpad.exe 01
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 [email protected]
Setting Affinity Mask for PID 1084 'wordpad.exe'
Affinity Mask Successfully Set to 00000000000000000000000000000001

Download
Version 2.03, 25K bytes. (Freeware)
Now supports Windows NT4 Workstation and Server, plus continued support for Windows 2000/XP in a single executable.
Revision History
- 5th June 2003 - Version 2.03
- Added -c switch which displays the creation times of processes.
- 29th May 2003 - Version 2.02
- Corrected Inaccurate CPU % Times.
- Added -t switch which displays both User Mode and Kernel Mode CPU times.
- 15th May 2003 - Version 2.01
- Fixed memory allocation errors for systems with greater than 100 processes. Application will handle a maximum of 65535 processes.
- Fixed bug in -q, -k when used with PID. Specifying a PID would kill all processes with the same name as the specified process.
- Fixed bug with the -a switch when used with PID.
- 26th April 2003 - Version 2.00pre1 (Pre-Release Beta)
- Caved in to overwhelming demand for support for Windows NT4. Rewrote code to detect operating system and use appropriate API calls plus a couple of undocumented calls to provide all the functionality of previous versions yet across all three NT platforms.
- Added preliminary support for the setting and display of Affinity Masks for multi processor systems.
- Added support for killing multiple processes by name. e.g using -k iexplorer.exe will kill all running instances of Internet Explorer, something previously accomplished by a batch file.
- Added the ability to specify the timeout for the -q option.
- Improved OpenProcess access so CPU time can now be sought from processes we don't have adequate rights to.
- 15th April 2003 - Version 1.03
- Modified string to number conversion to correct a problem with strings containing leading numbers, e.g. process -s 3dsmax.exe would try to suspend the process with PID 3 and not 3dsmax.exe.
- Added -q Send WM_CLOSE message option. This will gracefully issue a WM_CLOSE message to the program and wait for it to close.
- 21st December 2002 - Version 1.01
- Corrected problems with exit codes
- 0 = Success (Process found and desired action performed)
- 1 = Miscellaneous Error.
- 2 = Cannot find Process (no processes left by this name)
- 22nd September 2002 - Version 1.00
- First release to public.
Process Monitor By Mark Russinovich and Bryce Cogswell
PrcView by Igor Nys
Introduction
PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc.
What's new
- Minor bug fixes
- Fixed bug that causes process environment appear corrupted on Win 9x
- Shows process startup directory
- Shows/sets process affinity (UI version only)
- Command line and window title filters in command-line version
What's new in 3.0
- DLL usage summary - displays all DLL's currently in use, shows processes which use selected DLL
- Displays complete task tree – parent/child relationships for all processes in the system
- Displays Task list like the standard task manager
- PrcView distribution now includes PV.EXE - a new utility that provides PrcView functionality from the command-line. Use pv -h for more information about available options.
What's new in 2.0
- Get the full list of DLL's for each running process including FULL PATH for each loaded module - discover what DLL's your process really uses and where they are located.
- Double click on any module or process to get the full version information
- Save any view as a tab-separated text file by just pressing F2
- Process Finder Tool - just drag the finder icon and drop it to the process Window to select the desired process
- Smooth update - you don't need to press the refresh "button" to get the updated list of all processes, PrcView periodically updates the process list for you
- New look and nice icons
Installation
No special installation is required on Windows 95/98. Create a new, empty folder and place the files PRCVIEW.EXE and PRCVIEW.HLP there. For Windows NT4 you will also need a PSAPI.DLL that is part of the PrcView archive.
Main Window
The main window shows you a list of running processes including process ID, priority, and full path to the process module. You can sort columns by clicking on the column header.
Note that although you don't need to have administrative privileges on Windows NT to run PrcView, the list of tasks PrcView can access depends on your set of privileges.
Show modules
Information about each loaded module including the module name, the module base address in process space, the module size and the full path to the loaded module.
Show version
You can display comprehensive version information by double-clicking the appropriate line in the main or module window
Show threads
Information about all process threads including thread IDs and priority. Note that if PrcView uses Performance Data Helper to enumerate threads under Windows NT, it can take a few seconds the first time you open the list of threads while Windows is loading all necessary libraries.
Show Memory
Information about all memory blocks belonging to the selected process. Contains information about base address, protection, size and state for each memory block.
Show Heaps
Information about all heaps allocated by the selected process. You can display heap memory blocks by double-clicking the appropriate heap in the list box.
Show Version
Displays version information about the selected module. You can display version information by double-clicking the appropriate line in the main or module window.
Kill process
Just another way to kill a selected process. Note that killing a process can cause undesired results including loss of data and system instability. The process will not be given a chance to save its state or data before it is terminated. It is advisable to try the "Notify" button in the "Kill" dialog to close a GUI-based application first (via WM_SYSCOMMAND).
Debug process
A nice way to attach a debugger to a running application. PrcView reads the "AeDebug" key and starts the registered debug application. PrcView allows you not only to select a process to debug but also to associate a particular project with it. This is especially useful while debugging a DLL that has a separate project. Associations are stored in the registry.
Set priority class
Allows you to specify a new priority class for the selected process.
The Process Finder Tool
With the Process Finder Tool you can find the process corresponding to a selected window. To find a process:
- Arrange your windows so that PrcView and the window of the desired process are visible.
- Press the Find Process button on the toolbar.
- Keep left mouse button pressed while dragging the Finder Tool to the desired window.
- Release mouse button. PrcView will select the corresponding process in the main view.
Process Tree
Shows you the process hierarchy for all running processes. You can select the desired task by clicking on the process item in the Process Tree window.
Module Usage
Information about all loaded modules in the system, including the module name, the module base address in process space, the module size and the full path to the loaded module. Selecting a module from the module list shows only the processes which use the selected module. Selecting "Module Usage" again returns the main window to the original process list. You can display comprehensive version information by double-clicking the appropriate line in the window.
Show Application
Shows all top-level window titles. You can select the desired task by clicking on the process item in this window. Double-click sends the selected application to the front.
Configuration option
- Start Minimized – PrcView starts minimized. This option is useful in combination with the "Use System Tray" option if you plan to place PrcView in the "Startup" folder.
- Use System Tray – PrcView places a small icon in the System Tray, hiding itself when minimized.
- Allow Multiple Instances – If turned "on", PrcView allows you to start more than one instance of the program. If turned "off", the instance of PrcView that is already running will be activated.
- Set Refresh Times – Allows you to specify refresh times for the main/thread/module windows. If the specified time is greater than zero, PrcView will refresh the windows cyclically.
Refreshing Information
Use Menu/Toolbar in the main view or F5 in any view to refresh information in the corresponding window
Save Current View
Use Menu/Toolbar in the main view or F2 in any view to save information in the corresponding window
Reporting Bugs and Feedback
If you encounter a problem while running PrcView, please visit http://www.prcview.com to obtain the latest version. If you still have problems, please send a description of your problem to
PrcView by Igor Nys is a very nice freeware process viewer. It can be used for spyware detection. The information shown includes such details as the creation time, version and full path for each DLL used by a selected process, a list of all threads, memory blocks and heaps. PrcView also allows you to kill a selected process or attach a debugger to it. PrcView runs on both Windows 95/98 and Windows NT platforms and includes two versions: a GUI-based version and a command-line version of the program:
- PV.EXE - a utility that provides PrcView functionality from the command line. Use pv -h for more information about available options.
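Because PrcView can save any view as a tab-separated file (F2), the same view taken on a known-clean machine and again later can be compared mechanically instead of by eye. The script below is an added example, not PrcView's or Igor Nys's code: it parses two constructed process views, reports processes that appeared or disappeared (matching on image name and path rather than PID, so a merely restarted program is not flagged), and lists processes whose image runs from outside a set of directories the reviewer considers normal. The column layout Name, Pid, Priority, Path is an assumption based on the main-window columns described above; adjust parse_view() to the header row of a real export.

```python
"""Compare two PrcView process views saved with F2 (tab-separated text).

Added example; this is not PrcView's own code. The column layout
(Name, Pid, Priority, Path) is an assumption about the saved view based
on the main-window columns; adjust parse_view() to match a real export.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    name: str
    pid: int
    priority: str
    path: str


def _tsv(rows):
    """Join constructed rows into tab-separated text (stands in for an F2 export)."""
    return "\n".join("\t".join(r) for r in rows) + "\n"


# Constructed sample views: a baseline taken on a known-clean machine and a
# later view from the same machine. Names, PIDs and paths are made up.
BASELINE_VIEW = _tsv([
    ("Name", "Pid", "Priority", "Path"),
    ("winlogon.exe", "160", "High", r"C:\WINNT\system32\winlogon.exe"),
    ("explorer.exe", "1044", "Normal", r"C:\WINNT\explorer.exe"),
    ("notepad.exe", "1096", "Normal", r"C:\WINNT\system32\notepad.exe"),
    ("prcview.exe", "1200", "Normal", r"C:\Tools\PrcView\prcview.exe"),
])
CURRENT_VIEW = _tsv([
    ("Name", "Pid", "Priority", "Path"),
    ("winlogon.exe", "160", "High", r"C:\WINNT\system32\winlogon.exe"),
    ("explorer.exe", "1320", "Normal", r"C:\WINNT\explorer.exe"),  # restarted: new PID, same image
    ("prcview.exe", "1200", "Normal", r"C:\Tools\PrcView\prcview.exe"),
    ("updater.exe", "1488", "Normal",
     r"C:\Documents and Settings\user\Local Settings\Temp\updater.exe"),
])


def parse_view(text: str) -> dict[int, Proc]:
    """Parse a tab-separated process view into {pid: Proc}."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    return {int(r["Pid"]): Proc(r["Name"], int(r["Pid"]), r["Priority"], r["Path"])
            for r in reader}


def _image_key(p: Proc) -> tuple[str, str]:
    # Windows file names are case-insensitive, so compare lower-cased.
    return (p.name.lower(), p.path.lower())


def diff_views(baseline: dict[int, Proc], current: dict[int, Proc]):
    """Return (added, removed) Proc lists.

    Processes are matched on (name, path) rather than PID, so a program that
    was merely restarted does not show up as new, while a new image path does.
    """
    base_keys = {_image_key(p) for p in baseline.values()}
    cur_keys = {_image_key(p) for p in current.values()}
    added = sorted((p for p in current.values() if _image_key(p) not in base_keys),
                   key=lambda p: p.pid)
    removed = sorted((p for p in baseline.values() if _image_key(p) not in cur_keys),
                     key=lambda p: p.pid)
    return added, removed


def outside_expected_dirs(procs: dict[int, Proc], expected_dirs) -> list[Proc]:
    """Processes whose image is not under one of the expected directories.

    An image started from a profile or Temp folder deserves a second look;
    which directories count as expected is the reviewer's own choice.
    """
    prefixes = tuple(d.lower().rstrip("\\") + "\\" for d in expected_dirs)
    return sorted((p for p in procs.values() if not p.path.lower().startswith(prefixes)),
                  key=lambda p: p.pid)


if __name__ == "__main__":
    base, cur = parse_view(BASELINE_VIEW), parse_view(CURRENT_VIEW)
    added, removed = diff_views(base, cur)
    for p in added:
        print(f"new:     {p.name} (pid {p.pid}) from {p.path}")
    for p in removed:
        print(f"gone:    {p.name} (pid {p.pid})")
    for p in outside_expected_dirs(cur, [r"C:\WINNT", r"C:\Tools\PrcView"]):
        print(f"unusual: {p.name} (pid {p.pid}) runs from {p.path}")
```

The same approach works for the module view (module name, base address, size, path): save the module list of a process on a clean machine and diff it later to see which DLLs were newly loaded and from where.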
Process Explorer by Mark Russinovich
Process Explorer for Windows v10.21
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
What's new in Version 8.50:
- Finder tool for identifying the process that owns a selected window
- Strings listings for process and DLL images
- Google menu item for searching process and DLL information
- Tray tooltip shows highest-CPU consuming process
- Window status column (like Task Manager's Status column on the Applications tab)
- DLL view for System process shows list of loaded device drivers
What's new in Version 8.40:
- TCP/IP process properties page shows active TCP and UDP endpoints
- Display updating code eliminates all flicker
- 64-bit version shows which processes are 64-bit on process properties and adds 64-bit process column
- Additional opacity settings
- Improved symbol support
What's new in Version 8.30:
- Runs in non-admin account
- Treeview functionality to collapse and expand process subtrees
- Can bring process-owned window to the foreground
- System CPU graph shows timestamps and most-active process for any given point
- Per-process graph data tracked even when main window is minimized to tray
- Per-process graph data displays timestamps
- Tray icon has black background
- Can set process CPU affinity
- Process tooltip no longer between mouse pointer and process name
- Ability to add a comment to processes and new comment column
- More system information, including I/O deltas and paging data
- New process columns for I/O delta and page-fault delta
- More process performance information in process properties dialog
- Improved performance
What's new in Version 8.20:
- Can open multiple process properties dialogs simultaneously
- Process properties and thread stack dialogs are resizable
- System information dialog CPU and memory usage graphs like Task Manager
- More performance data on the System Information dialog
- Per-process CPU and memory graph tab in process properties
- Opacity settings
- New tray window context menu options
- More performance information on process properties dialog
- Lock option in shutdown menu
- Reconfigured menu items and highlighting configuration
- New status bar column options
What's new in Version 8.10:
- Status bar information is configurable to show CPU usage, commit charge, # of processes, and more
- Can terminate individual threads
- New Shutdown menu for logging off and shutting down the system
- Only allow one instance option
- Auto-open of lower pane when a find result is clicked
What's new in Version 8.0:
- .NET tab for .NET processes that shows AppDomains and .NET performance counters
- When the .NET Framework is detected a .NET tab on the column selection dialog for adding .NET performance counters
- Option to show only .NET processes
- Option to only show your own processes
- System Information dialog showing the same memory counters as Task Manager (when symbols are configured, also shows maximum paged and nonpaged pool values)
- Better symbol configuration guidance
- Difference highlight duration is configurable
- Tray icon for CPU usage that's yellow when usage is > 70% and red when > 90%
- Minimize-to-tray option
- Highlight color configuration dialog
- Context switch and context-switch delta columns
- Run processes using the system Run dialog from the File menu
- Replace task manager option so that when you run Task Manager Process Explorer runs instead
- Only non-zero CPU usage, .NET counters and context-switch values are displayed to clearly highlight process activity
- Search for DLLs or handles regardless of what mode the lower pane is in
- Correct icons for MMC windows
- Mouse hover over process names and DLL names shows full path of executable or DLL
Other Process Explorer features include:
- Support for full handle viewing on Win9x/Me (with the exception of Registry key handles)
- Process icons
- Service process highlighting
- Process tree display
- Configurable refresh rate
- Refresh highlighting: new entries in the process, handle and DLL views are green, and deleted ones red
- Listview tooltips
- DLL descriptions in the DLL view
- Highlights relocated DLLs
- Jump-to-entry in the find dialog
- Efficient refresh
- Runs on Windows 9x/Me
- Lists all process owners, even on Terminal Server systems
- Moveable columns
- Column selection and a wide variety of configurable process, DLL and handle columns
- Asynchronous updates of all views
- Configurable refresh highlighting effects
- Save function saves process view and current bottom view (handle or DLL)
- Minimize-to-tray option
- Process suspend/resume
- Thread details including stacks
- Fractional CPU usage
- Job object information
- Right-justified numeric columns with numeric formatting
- Mutex properties shows owning thread if mutex is owned
- More information in process properties
- Start time and CPU time process columns
- Option to hide the lower pane
- Kill process tree
- More accurate Registry key names for profile unload debugging
- Extensive help file
- Service descriptions on services tab of service process properties dialog
Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors.
PsList
Sysinternals Freeware - Information for Windows NT and Windows 2000 - PsList
Most UNIX operating systems ship with a command-line tool called "ps" (or something equivalent) that administrators use to view detailed information about process CPU and memory usage. Windows NT/2K comes with no such tool natively, but you can obtain similar tools with the Windows NT Workstation or Server Resource Kits.
The tools in the Resource Kits, pstat and pmon, show you different types of information, and will only display data regarding the processes on the system on which you run the tools.
PsList is a utility that shows you a combination of the information obtainable individually with pmon and pstat. You can view process CPU and memory information, or thread statistics. What makes PsList more powerful than the Resource Kit tools is that you can view process and thread statistics on a remote computer.
Installation
Just copy PsList onto your executable path, and type "pslist". PsList works on Windows NT, Windows 2000 and Windows XP.
Usage
See the September 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of PsList.
The default behavior of PsList is to show CPU-oriented information for all the processes that are currently running on the local system. The information listed for each process includes the time the process has executed, the amount of time the process has executed in kernel and user modes, and the amount of physical memory that the OS has assigned the process. Command-line switches allow you to view memory-oriented process information, thread statistics, or all three types of data.
usage: pslist [-?] [-d] [-m] [-x] [-t] [-s [n] [-r n]] [\\computer [-u username] [-p password]] [name | pid]
-? Displays the supported options and the units of measurement used for output values.
-d This switch has PsList show statistics for all active threads on the system, grouping threads with their owning process.
-m This switch has PsList show memory-oriented information for each process, rather than the default of CPU-oriented information.
-x With this switch PsList shows CPU, memory and thread information for each of the processes specified.
-t Shows the tree of processes.
-s [n] Has PsList run in task-manager-like updating mode. You can optionally specify the number of seconds it runs and abort it by pressing the escape key.
-r n Task-manager mode refresh rate in seconds (default is 1).
name Instead of listing all the running processes in the system, this parameter narrows PsList's scan to those processes whose name begins with the given string. Thus:
pslist exp
would show statistics for all the processes that start with "exp", which would include Explorer.
-u username If you want to kill a process on a remote system and the account you are executing in does not have administrative privileges on the remote system, then you must login as an administrator using this command-line option. If you do not include the password with the -p option, then PsList will prompt you for the password without echoing your input to the display.
-p password This option lets you specify the login password on the command line so that you can use PsList from batch files. If you specify an account name and omit the -p option, PsList prompts you interactively for a password.
\\computer Instead of showing process information for the local system, PsList will show information for the NT/Win2K system specified. Include the -u switch with a username and password to login to the remote system if your security credentials do not permit you to obtain performance counter information from the remote system.
pid Instead of listing all the running processes in the system, this parameter narrows PsList's scan to the process that has the specified PID. Thus:
pslist 53
would dump statistics for the process with the PID 53.
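PsList writes plain text, which makes it easy to post-process output captured from a batch file or from a remote machine. The script below is an added example, not Sysinternals code: it parses a constructed listing laid out like PsList's default CPU-oriented output (Name, Pid, Pri, Thd, Hnd, Priv, CPU Time, Elapsed Time), applies the trailing name/pid argument the way the text describes (a name selects processes beginning with that string, so "exp" matches Explorer; a PID selects one process), and ranks processes by accumulated CPU time. The exact column spacing of a real run, and the rule that a purely numeric argument is treated as a PID, are assumptions; the parser relies only on the order of the fields.

```python
"""Parse PsList's CPU-oriented listing and apply the name / pid filters.

Added example; this is not Sysinternals code. SAMPLE_PSLIST is constructed
to resemble PsList's default output (Name, Pid, Pri, Thd, Hnd, Priv, CPU
Time, Elapsed Time); the column spacing of a real run may differ, and the
parser relies only on the order of the fields.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcStats:
    name: str
    pid: int
    pri: int
    threads: int
    handles: int
    priv_kb: int
    cpu_time: str
    elapsed: str


# Constructed sample; process names, PIDs and counters are made up.
SAMPLE_PSLIST = """\
Process information for WORKSTATION:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     2:15:03.140     2:20:11.765
System                4   8  52  432     28     0:00:12.890     2:20:11.765
winlogon            160  13  17  380   6428     0:00:01.340     2:20:05.120
explorer           1044   8  14  512  12880     0:00:09.218     2:19:40.031
expstart           1300   8   2   60   1024     0:00:00.015     0:03:12.500
notepad            1096   8   1   40    820     0:00:00.062     0:45:10.250
"""

_TIME = r"\d+:\d\d:\d\d\.\d{3}"
# A data row is a name followed by five integers and two h:mm:ss.mmm values;
# banner, blank and header lines do not match and are skipped.
_ROW = re.compile(
    rf"^(?P<name>\S.*?)\s+(?P<pid>\d+)\s+(?P<pri>\d+)\s+(?P<thd>\d+)\s+"
    rf"(?P<hnd>\d+)\s+(?P<priv>\d+)\s+(?P<cpu>{_TIME})\s+(?P<elapsed>{_TIME})\s*$"
)


def parse_pslist(text: str) -> list[ProcStats]:
    """Return one ProcStats per data row of a PsList-style listing."""
    procs = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            procs.append(ProcStats(m["name"], int(m["pid"]), int(m["pri"]), int(m["thd"]),
                                   int(m["hnd"]), int(m["priv"]), m["cpu"], m["elapsed"]))
    return procs


def select(procs: list[ProcStats], arg: str) -> list[ProcStats]:
    """Apply the trailing [name | pid] argument.

    A purely numeric argument is taken as a PID (as in `pslist 53`); anything
    else narrows the list to names beginning with that string, compared
    case-insensitively so that `exp` matches Explorer. Treating digits as a
    PID first is an assumption about how PsList disambiguates the two.
    """
    if arg.isdigit():
        return [p for p in procs if p.pid == int(arg)]
    prefix = arg.lower()
    return [p for p in procs if p.name.lower().startswith(prefix)]


def cpu_seconds(t: str) -> float:
    """Convert an h:mm:ss.mmm value to seconds."""
    h, m, s = t.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def top_by_cpu(procs: list[ProcStats], n: int) -> list[ProcStats]:
    """The n processes with the most accumulated CPU time."""
    return sorted(procs, key=lambda p: cpu_seconds(p.cpu_time), reverse=True)[:n]


if __name__ == "__main__":
    procs = parse_pslist(SAMPLE_PSLIST)
    for p in select(procs, "exp"):          # like: pslist exp
        print(f"{p.name:<12} pid={p.pid:<5} cpu={p.cpu_time}")
    for p in select(procs, "1096"):         # like: pslist 1096
        print(f"{p.name:<12} pid={p.pid:<5} threads={p.threads} handles={p.handles}")
    for p in top_by_cpu(procs, 3):
        print(f"{p.name:<12} {cpu_seconds(p.cpu_time):10.3f} s")
```

Run against real output, pipe `pslist` into a file first and feed the file's contents to parse_pslist(); the Idle process will normally dominate the CPU ranking, so skip it when looking for busy processes.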
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: March 12, 2019