Winternals: Defragmentation, Recovery, and Administration Field Guide

Process Explorer enables you to identify nearly everything there is to know about a process by examining the Process Properties dialog. From there you may access information pertaining to a process's active threads, images, running services, security attributes, and strings.
The hierarchical nature of the process tree visually depicts the parent and descendant relationships of every active process. The color highlighting indicates whether a process hosts a service (lilac), is packed (purple), or is starting (green) or exiting (red). The lower pane view shows all DLLs loaded by the highlighted process or the operating system resources the process has open (handles). The Find command can help you to identify process-resource interdependencies and to determine what might be keeping a process or file locked.
The lower pane reveals what DLLs the process highlighted in the upper pane has loaded (DLL view), and identifies what handles (operating system resources) that process has open (Handle view).
By examining the lower pane view when the System process is highlighted in the upper pane, you can see all kernel-mode drivers loaded on your system.
You can access Verify Image Signatures in the Process Properties dialog and use it to test a process's image for authenticity.
Right-clicking a driver in the lower pane will bring up a Driver Properties dialog, which allows you to view the driver's image (the location of the file on disk) or to search Google for the filename listed in the Image field.
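The views described above (the parent/child process tree, image signature verification, the DLL view of one process, and the driver list shown under the System process) can also be reproduced from a script when a GUI session is not available or when the same checks must be run on many hosts. The following PowerShell script is an added example written for this field guide summary; it is not part of the book, not Winternals code, and assumes only a Windows host with PowerShell 5.1 or later, the standard CIM cmdlets, and sufficient privileges to read other processes' module lists. The function and variable names are the example's own.

```powershell
# Added example, not from the Winternals field guide: script counterparts to four
# Process Explorer views. Assumes Windows, PowerShell 5.1+, and local admin rights
# (module lists of other users' processes and protected processes may be unreadable).

# Snapshot of every process with its parent PID and image path (upper pane data).
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath
$byId = @{}
foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

# 1. Process tree. Caveat: Win32_Process only records the parent PID, and PIDs are
#    reused, so a "parent" may be an unrelated newer process with a recycled PID.
#    Process Explorer guards against this by comparing start times; this script does not.
function Show-ProcessNode {
    param($Proc, [int]$Depth)
    '{0}{1} (PID {2})' -f ('  ' * $Depth), $Proc.Name, $Proc.ProcessId
    foreach ($child in $procs | Where-Object {
            $_.ParentProcessId -eq $Proc.ProcessId -and $_.ProcessId -ne $Proc.ProcessId }) {
        Show-ProcessNode -Proc $child -Depth ($Depth + 1)
    }
}
function Show-ProcessTree {
    # Roots: processes whose parent no longer exists, plus PID 0 (its own parent).
    $roots = $procs | Where-Object {
        (-not $byId.ContainsKey([int]$_.ParentProcessId)) -or ($_.ParentProcessId -eq $_.ProcessId) }
    foreach ($r in $roots) { Show-ProcessNode -Proc $r -Depth 0 }
}

# 2. Verify Image Signatures counterpart: Authenticode status of every distinct image.
#    Caveat: Windows system binaries are often catalog-signed rather than embedded-signed;
#    a NotSigned result for a file under %SystemRoot% is worth a second look, not an alarm.
function Get-ImageSignatureReport {
    $procs | Where-Object { $_.ExecutablePath } |
        Group-Object -Property ExecutablePath | ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Name
            [pscustomobject]@{
                Image     = $_.Name
                Processes = $_.Count
                Status    = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

# 3. DLL view counterpart: modules loaded by one process, flagging those without a
#    valid signature. Reading .Modules fails for protected or cross-bitness processes.
function Get-ProcessModuleReport {
    param([int]$ProcessId)
    try {
        $modules = (Get-Process -Id $ProcessId -ErrorAction Stop).Modules
    } catch {
        Write-Warning ("Cannot enumerate modules of PID {0}: {1}" -f $ProcessId, $_.Exception.Message)
        return
    }
    $modules | ForEach-Object { $_.FileName } | Sort-Object -Unique | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        [pscustomobject]@{ Module = $_; Status = $sig.Status }
    }
}

# 4. System process lower pane counterpart: kernel-mode drivers currently running.
function Get-RunningDriverReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } | ForEach-Object {
            # Normalise NT-style paths so the file can be checked on disk.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $status = if ($path -and (Test-Path -LiteralPath $path)) {
                (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileNotFound' }
            [pscustomobject]@{ Driver = $_.Name; Image = $path; Status = $status }
        }
}

# Usage: print the tree, then only the images, modules and drivers that are not 'Valid'.
Show-ProcessTree
Get-ImageSignatureReport | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
Get-ProcessModuleReport -ProcessId $PID | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
Get-RunningDriverReport | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; without elevation the module and driver reports will be incomplete. The filtering to non-'Valid' rows mirrors the way Verify Image Signatures is used in practice: the interesting output is the short list of images that do not verify, which you then inspect by path and signer rather than by filename alone.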
Process Explorer gives...