Winternals: Defragmentation, Recovery, and Administration Field Guide

Viewing, stopping, and starting processes and services with Process Explorer is both convenient and easy. Process Explorer exposes these process control functions in two places: the main menu and the context menu of a highlighted process. It also offers two process control features that Task Manager does not, namely Suspend and Resume. Process Explorer is unique in that it provides service control as well: select the Services tab in the Properties dialog of a process that hosts services and you can stop, pause, and resume those services from there. The Properties dialog even provides a Threads tab, which lists the individual threads that make up a running process and lets you kill any one of them. This matters from a malware perspective, because malware commonly injects a DLL into a legitimate running process and then starts a thread in that process to execute its code. The Threads tab shows each thread's start address, so a thread that starts in an unexpected module, or outside any loaded module at all, stands out. Kill such a thread with care: terminating one thread inside a legitimate process can leave that process in an inconsistent state, so suspending the whole process first and capturing it for analysis is usually the safer move. We will now review all of these Process Explorer control features, and many others, in detail.
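The same thread triage that the Threads tab invites you to do by eye can be scripted. The following PowerShell function is an added example for this field guide, not code from the book or from Sysinternals; it uses only the .NET System.Diagnostics.Process API and assumes it runs from a PowerShell of the same bitness as the target process with enough rights to inspect it (elevated for other users' processes; protected processes refuse module enumeration and are reported with a warning). It lists every thread of a process with its start address and the module that contains that address, and flags threads whose start address is not backed by any loaded module, which is the first sign of injected code to look for. The function name and the `notepad` target in the usage lines are hypothetical.

```powershell
# Added example, not part of the original text: list a process's threads the way
# the Process Explorer Threads tab does, and flag threads whose start address does
# not fall inside any module the process has loaded.
# ASSUMPTION: same bitness as the target, sufficient rights; protected processes
# throw on module enumeration and are skipped with a warning.

function Get-ThreadStartTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Diagnostics.Process]$Process
    )
    process {
        try {
            # Build the table of loaded module address ranges once per process.
            $modules = foreach ($m in $Process.Modules) {
                $base = $m.BaseAddress.ToInt64()
                [pscustomobject]@{
                    Name  = $m.ModuleName
                    Start = $base
                    End   = $base + $m.ModuleMemorySize
                }
            }
        } catch {
            Write-Warning ("Cannot enumerate modules of PID {0} ({1}): {2}" -f `
                $Process.Id, $Process.ProcessName, $_.Exception.Message)
            return
        }

        foreach ($t in $Process.Threads) {
            $addr  = $t.StartAddress.ToInt64()
            # Which loaded module, if any, contains the thread's start address?
            $owner = $modules |
                Where-Object { $addr -ge $_.Start -and $addr -lt $_.End } |
                Select-Object -First 1

            [pscustomobject]@{
                PID          = $Process.Id
                Process      = $Process.ProcessName
                TID          = $t.Id
                StartAddress = ('0x{0:X}' -f $addr)
                Module       = if ($owner) { $owner.Name } else { '<no backing module>' }
                State        = $t.ThreadState
                # WaitReason throws unless the thread is actually waiting.
                WaitReason   = if ($t.ThreadState -eq 'Wait') { $t.WaitReason } else { $null }
                Suspicious   = (-not $owner)
            }
        }
    }
}

# Usage (hypothetical target): all threads, then only the unbacked ones.
Get-Process notepad | Get-ThreadStartTriage | Format-Table -AutoSize
Get-Process notepad | Get-ThreadStartTriage | Where-Object Suspicious
```

An unbacked start address is strong evidence of injected code, but the converse does not hold: the classic CreateRemoteThread plus LoadLibrary injection produces a thread whose start address sits legitimately inside kernel32, so a thread that resolves to a known module still deserves a look at which module it is and whether that process would normally start threads there.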
Process Explorer provides eight menu bar functions: File, Options, View, Process, Find, Handle, Users, and Help. Process Explorer comes with a very thorough Help file, so I will not give an in-depth explanation of every control. Experimenting with the program itself is the best way to become familiar with all of Process Explorer's control features.
The File function offers the same features that Task Manager offers, plus a few new ones. Many of the functions offered enable...