This is a Windows system and application monitoring tool developed by Sysinternals, which has since been acquired by Microsoft. It combines the functions of two tools, file monitoring and registry monitoring, and adds a number of important enhancements. The tool supports 64-bit Windows systems.
Many people use this tool only as a substitute for Task Manager, which is like using an anti-aircraft gun to swat mosquitoes: it is capable of far more. As a Windows development engineer, I highly recommend using this tool during coding and debugging. The following introduces the usefulness of Process Explorer in the development process.
I. The tree-shaped interface of Process Explorer
1. Exact display of the parent-child relationships between processes
2. By color, you can determine the state and type of a process: whether it is suspended or exiting, and whether it is a service process or a normal process.
II. Displaying the system information of a process
Right-click the title bar and choose Select Columns, then select the specific information you want to observe for each process. There are several tabs; the most commonly used are Process Image and Process Memory. I do not have screenshots of the others.
1. Display the file path of the process (Image path)
2. Display the command-line arguments of the process (Command Line)
3. Show whether the process is 64-bit or 32-bit (Image Type)
4. Show the ID of the session the process is currently in
5. Display the current permissions of the process: whether it runs as the system user, a network administrator, or a normal administrator (User Name)
6. Display the number of GDI objects, the number of kernel objects, and the number of threads of the current process.
III. Displaying the DLLs loaded by the current process
Select View -> Lower Pane View -> DLLs
1. This lets us observe whether a DLL has been injected into our process by another program
2. This also shows which programming techniques the current process uses; in the figure, for example, the current process uses GDI+
3. You can modify the pane View tab to display more content, such as DLL base address, DLL memory related information, etc.
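The DLL check from this section can also be scripted. The following is an added example, not part of the original article or of Process Explorer: it lists the modules loaded in one process and reports those that load from outside the Windows directory or the program's own directory, or that lack a valid Authenticode signature. The function name `Get-SuspiciousModule` and the "trusted directory" rule are assumptions made for illustration.

```powershell
# Added example: list the DLLs loaded in one process and flag the ones worth a closer look.
# Assumptions: run from an elevated PowerShell whose bitness matches the target
# process; Get-SuspiciousModule and the trusted-directory rule are illustrative.
function Get-SuspiciousModule {
    param(
        [int]$ProcessId = $PID   # defaults to the current PowerShell process
    )

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop

    # Directories a module is normally expected to load from: the Windows
    # directory tree and the directory of the process's own executable.
    $trusted = @($env:windir)
    if ($proc.Path) { $trusted += Split-Path -Parent $proc.Path }

    foreach ($m in $proc.Modules) {
        $path = $m.FileName
        if (-not $path) { continue }   # skip entries without a backing file path

        $inTrustedDir = $false
        foreach ($dir in $trusted) {
            if ($path.StartsWith($dir + '\', [StringComparison]::OrdinalIgnoreCase)) {
                $inTrustedDir = $true
            }
        }

        # Authenticode status of the file on disk (Valid, NotSigned, HashMismatch, ...).
        $sig = Get-AuthenticodeSignature -LiteralPath $path

        if (-not $inTrustedDir -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Module      = $m.ModuleName
                BaseAddress = '0x{0:X}' -f $m.BaseAddress.ToInt64()
                Path        = $path
                Signature   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Inspect the current process; pass -ProcessId to inspect another one.
Get-SuspiciousModule | Format-Table -AutoSize
```

A module appearing in the output is not proof of injection: unsigned or third-party DLLs can be legitimate, so treat each row as a prompt to check the path and signer, as you would in the DLL pane.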
IV. Displaying the system resource handles used by the current process
Select View -> Lower Pane View -> DLLs
1. View the table of resource handles held by the current process
2. The logic of a process can be analyzed: as shown in the figure, the current TeamViewer service process has created an event and holds a log file open
3. You can check whether your program has a kernel handle leak.
V. Manipulating processes and displaying internal information about a process (information that belongs to the current process)
Right-click a process
1. You can end the current process or the current process tree
2. You can suspend, restart, and resume a suspended process
3. View process information (in the figure, select Properties)
1. You can see the user group information for the current process
2. You can see what privileges the current process has requested
Select the Environment tab to see the environment variables of the current process. Viewing them is important if you automate compilation or use some open source software.
VI. Search function (Ctrl+F)
Why single out the search function? I personally think it is useful in many places. While working on code, you can see which process holds a given event by searching for the event name directly. If you try to delete a directory and it cannot be deleted no matter what, because some file in it is held open by another process, you can search for the directory path you need to delete.
Figure: the TeamViewer folder is held open by a service, so I only need to stop that service and then I can delete it. Another common case is a USB drive that is in use and cannot be ejected.