- What Are the SysInternals Tools and How Do You Use Them?
- Using Process Explorer to Troubleshoot and Diagnose
- Using Process Monitor to Troubleshoot and Find Registry Hacks
- Using Autoruns to Deal with Startup Processes and Malware
- Using BgInfo to Display System Information on the Desktop
- Using PsTools to Control Other PCs from the Command Line
- Analyzing and Managing Your Files, Folders, and Drives
- Wrapping Up and Using the Tools Together

Process Explorer, a task manager and system monitor application, has been around since 2001, and while it used to even work on Windows 9x, the modern versions only support XP and above, and they've been continually updated with features for modern versions of Windows. It's the de facto standard for dealing with troubleshooting processes.

This application has many features, and many of those are buried deep within the interface. Some of the better features include the following, although this is by no means an exhaustive list.

- The default tree view shows the hierarchical parent relationship between processes, and displays using colors to easily understand processes at a glance.
- Very accurate CPU usage tracking for processes.
- Can be used to replace Task Manager, which is especially useful on XP, Vista, and Windows 7.
- Can add multiple tray icons to monitor CPU, Disk, GPU, Network, and more.
- Figure out which process has loaded a DLL file.
- Figure out which process is running an open window.
- Figure out which process has a file or folder open and locked.
- View complete data about any process, including threads, memory usage, handles, objects, and pretty much anything else there is to know.
- Can Kill an entire process tree, including any processes started by the one you choose to kill.
- Can Suspend a process, freezing all its threads so they do nothing.
- Can see which thread in a process is actually maxing out the CPU.
- The latest version (v16) integrates VirusTotal into the interface so you can check a process for viruses without leaving Process Explorer.

Any time you have a problem with an application, or something keeps freezing on your computer, or maybe you are trying to figure out what a particular DLL file is used for, Process Explorer is the tool for the job.

- New Objects (Bright Green) – When a new process shows up in Process Explorer, it starts out as bright green.
- Deleted Objects (Red) – When a process is killed or closes it will usually flash red right before deleting.
- Own Processes (Light Blueish) – Processes running as the same user account as Process Explorer.
- Services (Light Pink) – Windows Service processes, although it's worth noting that they might have child processes that are launched as a different user, and those might be a different color.
- Suspended Processes (Dark Gray) – When a process is suspended it can't do anything. You can easily use Process Explorer to suspend an application. Sometimes crashed apps will briefly show up in gray while Windows is handling the crash.
- Immersive Process (Bright Blue) – This is just a fancy way of saying that the process is a Windows 8 application using the new APIs. In the screenshot earlier you might have noticed WSHost.exe, which is a "Windows Store Host" process that runs Metro apps. For some reason Explorer.exe and Task Manager will also show up as immersive.
- Packed Images (Purple) – These processes might contain compressed code hidden inside of them, or at least Process Explorer thinks that they do by using heuristics. If you see a purple process, make sure to scan for malware!

Since there is obviously some overlap between these different scenarios, the colors will be applied in an order of precedence. If a process is a service and is suspended, it will display in dark gray because that color is more important.