Windows Process Explorer To Get Detailed Information About Processes – POFTUT



Windows provides different tools to list and get information about processes. Task Manager can be used to list and manage processes, but it has limited capabilities. If we are pentesters or system administrators who work deep in the system, we can use Process Explorer for more functionality.

Download Windows Process Explorer

Process Explorer is provided as part of the Sysinternals utilities and can be downloaded from the following link as a zipped file.

https://download.sysinternals.com/files/ProcessExplorer.zip

In order to run Process Explorer we just need to select the executable for our architecture and click it. There is no need to install.

Download sysinternals

Process Explorer Help

As we can see in the previous screenshot, Process Explorer comes with a help file in CHM format. We can get detailed help about Process Explorer from this help document.

List Processes with Process Explorer

We can get the process list and detailed information about each process just by clicking the Process Explorer executable.

Process List

Processes are listed according to their parent and child relationship. A process listed as a sub-row is a child of the process above it. The following information about processes can be seen on this page.

  • The CPU column shows the general CPU usage percentage of this process.
  • The Private Bytes column shows the size of memory used only by this process and not shared with other processes and DLLs.
  • The PID column shows the process identifier given by the operating system and used to easily identify the process.
  • The Description column shows the process information.
  • The Company Name column shows the vendor company of the executable file and application.
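
The same parent/child layout and columns can be rebuilt from a PowerShell prompt, which is useful on a host where Process Explorer is not available. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the function names Test-ParentLink and Write-Tree are hypothetical. Because a recorded parent PID can belong to a process that has exited or whose PID was reused, a parent link is trusted only when the parent was created before the child.

```powershell
# Added example, not from the original article; function names are hypothetical.
$procs = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

# Get-Process adds private bytes, description and company name; these can be
# empty for protected processes when the shell is not elevated.
$info = @{}
foreach ($g in Get-Process) { $info[[uint32]$g.Id] = $g }

# Trust a parent link only if the parent still exists and is older than the
# child; otherwise the parent exited or its PID was reused.
function Test-ParentLink($child) {
    $parent = $byPid[[uint32]$child.ParentProcessId]
    if (-not $parent -or $parent.ProcessId -eq $child.ProcessId) { return $false }
    if ($parent.CreationDate -and $child.CreationDate) {
        return ($parent.CreationDate -le $child.CreationDate)
    }
    return $true
}

$children = @{}
$roots = @()
foreach ($p in $procs) {
    if (Test-ParentLink $p) {
        $key = [uint32]$p.ParentProcessId
        if (-not $children.ContainsKey($key)) { $children[$key] = @() }
        $children[$key] += $p
    } else {
        $roots += $p
    }
}

# Emit one row per process, indenting the name by depth in the tree.
function Write-Tree($proc, [int]$depth) {
    $g = $info[[uint32]$proc.ProcessId]
    [pscustomobject]@{
        Name        = ('  ' * $depth) + $proc.Name
        PID         = $proc.ProcessId
        PrivateMB   = if ($g) { [math]::Round($g.PrivateMemorySize64 / 1MB, 1) }
        Description = if ($g) { $g.Description }
        Company     = if ($g) { $g.Company }
        Path        = $proc.ExecutablePath
    }
    $kids = $children[[uint32]$proc.ProcessId]
    if ($kids) { foreach ($c in ($kids | Sort-Object ProcessId)) { Write-Tree $c ($depth + 1) } }
}

$roots | Sort-Object ProcessId | ForEach-Object { Write-Tree $_ 0 } | Format-Table -AutoSize
```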

List Detailed Process Information

More detailed process information can be shown with the properties of the selected process. Just right-click on the process and select Properties. This will open a window like below.

Detailed Process Information

We can see that there are a lot of tabs that provide related information. By default the Threads tab is opened and lists the existing threads of the current process with their thread IDs.

The following information can be obtained from the other tabs.

  • The TCP/IP tab provides the network ports and remote connections of this process.
  • The Security tab provides owner, group and other related security information.
  • The Environment tab provides information about the process environment variables like OS, PATH, HOMEPATH etc.
  • The Strings tab provides the identified strings in this process's memory area.
  • The Image tab provides executable file path related information.
  • The Performance tab provides CPU, I/O and memory related statistics and information.
  • The Performance Graph tab shows simple CPU, memory and I/O graphs for the process.
  • The Threads tab shows related threads and their thread IDs.

Kill Process with Process Explorer

Another useful feature of Process Explorer is killing the selected process. This can be done by right-clicking the related process and selecting Kill Process from the menu. We can also select the process and use the DELETE key to do the same operation.

Kill Process

Kill Process Tree with Process Explorer

In the previous step we killed just a single process. We can also kill the process tree. A process tree is the parent process and its child processes. This will kill the child processes too.

Kill Process Tree

Check Process and Executable Security In VirusTotal

There is a very useful feature which is security related. We can check the executable file and running processes against VirusTotal. VirusTotal is a service that provides more than 50 antivirus applications to check uploaded executable files. This virus check will make us more secure. We can apply this check to a suspicious process easily like below.

Check Process and Executable In Virus Total
