This is a Windows system and application monitoring tool developed by Sysinternals, which has since been acquired by Microsoft. It not only combines the functions of two tools, file monitoring and registry monitoring, but also adds several important enhancements. The tool supports 64-bit Windows systems.
Many people use this tool only as a substitute for Task Manager. In fact, that is like using an anti-aircraft gun to swat mosquitoes: the tool is overqualified for the job. As a Windows development engineer, I highly recommend using this tool during coding and debugging. The following describes how Process Explorer is useful in the development process.
I. The tree-structured interface of Process Explorer
1. Accurately displays the parent-child relationships between processes
2. Colors let you determine the status and type of a process: whether it is suspended or exiting, and whether it is a service process or a normal process.
II. Displaying system information for a process
Right-click the column title bar and choose Select Columns, then select the specific information you want to observe for each process. There are several tabs of options; the commonly used ones are the Process Image and Process Memory tabs. I will not give examples for the others.
1. Display the file path of the process (Image path)
2. Display the command-line parameters of the process
3. Display whether the process is 64-bit or 32-bit (Image Type)
4. Display the ID of the session in which the process is currently running (Session ID)
5. Display the current permissions of the process: whether it runs as the system user, a network administrator, or with normal administrator permissions (User Name)
6. Display the number of GDI objects, the number of kernel objects, and the number of threads in the current process.
III. Displaying the DLLs loaded by the current process
Select View -> Lower Pane View -> DLLs
1. In this way, you can observe whether another program has injected a DLL into your process
2. You can learn which programming technologies the current process uses; for example, it can be seen here that the current process uses GDI+
3. You can customize the pane view to show more content, such as the DLL base address, DLL memory-related information, etc.
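The DLL review from this section can also be scripted. The following PowerShell is an added example, not part of the original article or of Process Explorer; the function name Get-ModuleReview and the rule used for the Review column (a module outside the Windows directory and the program's own directory, or without a valid signature) are assumptions of this example.

```powershell
# Added example: list the modules loaded in a process with base address,
# size and signature status, like the columns of the DLL pane, and mark
# the entries that deserve a closer look.
function Get-ModuleReview {
    param(
        [int]$ProcessId = $PID   # default: the current PowerShell process
    )

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop

    # Directories in which DLLs are expected (assumption of this example):
    # the Windows directory and the directory of the program itself.
    $expected = @($env:SystemRoot)
    if ($proc.Path) { $expected += Split-Path -Parent $proc.Path }
    # A trailing backslash keeps C:\Windows from matching C:\WindowsOther.
    $expected = $expected | ForEach-Object { $_.TrimEnd('\') + '\' }

    foreach ($m in $proc.Modules) {
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName -ErrorAction SilentlyContinue

        $inExpected = $false
        foreach ($dir in $expected) {
            if ($m.FileName.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inExpected = $true
            }
        }

        [pscustomobject]@{
            Module    = $m.ModuleName
            Base      = '0x{0:X}' -f $m.BaseAddress.ToInt64()
            SizeKB    = [int]($m.ModuleMemorySize / 1KB)
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # True means "look at this module", not "this module was injected".
            Review    = (-not $inExpected) -or ($sig.Status -ne 'Valid')
            Path      = $m.FileName
        }
    }
}

# Show the modules of the current process, entries to review first.
Get-ModuleReview |
    Sort-Object Review -Descending |
    Format-Table Module, Base, SizeKB, Signature, Review, Path -AutoSize
```

Reading the modules of another user's process requires an elevated prompt, and a 32-bit PowerShell cannot enumerate the modules of a 64-bit process.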
IV. Displaying the system resource handles occupied by the current process
Select View -> Lower Pane View -> DLLs
1. View the table of resource handles occupied by the current process
2. The logic of the process can be analyzed: the current TeamViewer service process creates an event and occupies a log file
3. You can check whether your program has a kernel handle leak.
V. Manipulating processes and displaying internal information about a process (this type of information belongs to the current process)
Right-click the process
1. You can end the current process or the current process tree
2. You can suspend a process, restart it, or resume it from the suspended state
3. View process information (select Properties)
1. You can see the user group information for the current process
2. You can see which privileges the current process has requested
Select the Environment tab to see the environment variables of the current process. Viewing the environment variables is important if you are automating compilation or using some open source software.
VI. Search function (Ctrl+F)
Why single out the search function? I personally think this feature is useful in many places. When coding, to see which process is occupying an event, you can search for the event name directly. If you try to delete a directory and it cannot be deleted, a file in it is being occupied by some process, and you can search for the path of the directory you need to delete.
Here the TeamViewer folder is being occupied by a service, so I just need to stop this service and the folder can be deleted. The same applies to the common case of a memory stick that cannot be ejected, and so on.