
Tip #2262 - Portable Disk and File Utilities
I love flash drives. Whether it’s a jump drive or a flash memory MP3 player, it seems that I always have at least one connected to the system I’m working on. So, I’m always excited when I see a cool new trick or program that I can use my flash drive for. I’m all over it!
Portable programs are applications that run in place, that is, from the folder or drive in which they are located. These programs may install a couple of registry entries, but nothing significant or potentially revealing. Because they run in place and are usually small, they are great applications to use on a flash drive.
I ran a couple of download articles a while back concerning portable programs that could be useful if run from a flash drive (Portable Firefox, Thunderbird and Sunbird), which I myself have found great use for. It has been a while, however, since I have checked back with the community to see if anything new has come along in the area of portable programs. Well, I should have a long time ago, because there are some really cool programs out there.
For today’s Download of the Week, I’m actually going to showcase a program that I believe will really impress you. It is called Process Explorer. This is actually a program that Steve himself asked me about a while ago. He sent me an e-mail concerning an article or program that could more easily describe what certain processes are doing in your system. I thought this would be a good idea and spotted this little fella, and I knew immediately that fate had brought us together.

Process Explorer is a process viewer to the tenth degree. You can easily view and identify not only processes, but also services and DLLs.

Process Explorer’s list of features:
· Process suspend/resume
· Thread details including stacks
· Job object information
· Start time and CPU time process columns
· Option to hide the lower pane
· Kill process tree
· Accurate registry key names for profile unload debugging
· Extensive help file
· Service descriptions on services tab of service process properties dialog
· You can configure custom column selections and save them as easy-to-access column sets
· Image verification option now verifies images in the background
· Process menu includes restart item to kill and then restart a selected process
· Can suspend individual threads on threads page of Process Properties dialog
· The find Window target moves Process Explorer's main window to the back to get it out of the way
· Close Window command uses same End Task functionality as Task Manager
· Show New Processes option scrolls display to make new processes visible, heuristics to detect more image packers
· User name of account in which Process Explorer is running is shown in the title bar
· Services can be stopped, resumed and paused from the Services tab of the Process Properties dialog
· The DLLs that host SvcHost processes are listed in the Services tab of the Process Properties dialog
· Services running within a process display on the process' tooltip
· As a parallel to the CPU Usage History column, there's now a Private Bytes Usage History column
· The Process view includes columns that show the working set breakdown of the process in shared, shareable and private pages
· New delta private-bytes column to show changes in private virtual memory usage
· Can copy lines from the Process, DLL and Handle views to the clipboard
· Option to show pagefile-backed (unnamed) sections in DLL view
· DLL and handle searching consolidated
· The DLL view includes columns that show the working set contributions in shared, shareable and private pages
· The DLL a Rundll32 process hosts is shown in its process tooltip
· Packed DLL highlighting in DLL view
· Image signing verification available for DLLs
· Better DLL properties dialog
· Object address shown in Object Properties dialog
· File object share flags column for Handle view
· CPU history in tray icon
· CPU history column
· I/O delta column
· Process security editing
· Reports loaded 32-bit DLLs on Windows 64-bit
· Support for Windows Vista
· Opacity settings
· Tray window context menu options
· More performance information on process properties dialog
· Lock option in shutdown menu
· Reconfigured menu items and highlighting configuration
· Status bar column options
· Status bar information is configurable to show CPU usage, commit charge, # of processes and more
· Can terminate individual threads
· Shutdown menu for logging off and shutting down the system
· Only allow one instance option
· Auto-open of lower pane when a find result is clicked
· .NET tab for .NET processes that shows AppDomains and .NET performance counters
· x64 and x86 executables are in a single binary
· New Verified Company column shows image signer information
· Strings tab in process properties dialog has in-memory image scan option
· Highlighting for images that are packed (have compressed or encrypted code, which is common in malware)
· System information dialog has per-CPU graph option with hyperthreaded and NUMA processor information
· A Users menu duplicates the functionality of Task Manager's Users tab, showing Terminal Services session information and supporting logoff, disconnect, and sending messages
· On XP SP2 and higher, the TCP/IP tab displays the thread stack at the time an endpoint was opened, the tray icon context menu includes the shutdown menu
· Search engine option to use Google or MSN Search
· Object address column is available for the handle view
· Image signatures can be checked on-demand in the process properties dialog
· Process Explorer is digitally signed with Sysinternals' Verisign Class 3 signing certificate
· Data Execution Protection (DEP) status on process image tab and as column
· Copy-to-clipboard from process environment variable and strings dialogs
· Can select and copy text strings of process image properties page
· Multi-row tabs on process properties dialog
· Image signing verification on process image properties dialog
· Mini-CPU usage graph on toolbar
· Command-line option for specifying Process Explorer priority
· Manual refresh (F5) forces recheck of job and .NET process status
· Single-clicking on tray icon minimizes and restores main window
· Finder tool for identifying the process that owns a selected window
· Strings listings for process and DLL images
· Google menu item for searching process and DLL information
· Tray tooltip shows highest-CPU consuming process
· Window status column (like Task Manager's Status column on the Applications tab)
· DLL view for System process shows list of loaded device drivers
· TCP/IP process properties page shows active TCP and UDP endpoints
· 64-bit version shows which processes are 64-bit on process properties and adds 64-bit process column
· Runs in non-admin account
· Tree view functionality to collapse and expand process subtrees
· Can bring process-owned window to the foreground
· System CPU graph shows timestamps and most active process for any given point, Per-process graph data tracked even when main window is minimized to tray
· Per-process graph data displays timestamps
· Can set process CPU affinity
· Process tooltip no longer between mouse pointer and process name
· Ability to add a comment to processes and new comment column
· Can open multiple process properties dialogs simultaneously
· System information dialog CPU and memory usage graphs like Task Manager
· Per-process CPU and memory graph tab in process properties
· Option to only show your own processes
· System Information dialog showing the same memory counters as Task Manager (when symbols are configured, also shows maximum paged and nonpaged pool values)
· Tray icon for CPU usage that's yellow when usage is > 70 percent and red when > 90 percent
· Highlight color configuration dialog
· Context switch and context switch delta columns
· Run processes using the system Run dialog from the File menu
· Replace task manager option so that when you run Task Manager Process Explorer runs instead
· Only non-zero CPU usage, .NET counters and context switch values are displayed to clearly highlight process activity
· Search for DLLs or handles regardless of what mode the lower pane is in
· Correct icons for MMC windows
· Mouse hover over process names and DLL names shows full path of executable or DLL
Other Process Explorer features include:
· Support for full handle viewing on Win9x/Me (with the exception of registry key handles)
· Process icons
· Service process highlighting
· Process tree display
· Configurable refresh rate
· Refresh highlighting: new entries in the process, handle and DLL views are green and deleted ones red
· DLL descriptions in the DLL view
· Highlights relocated DLLs
· Jump-to-entry in the find dialog
· Lists all process owners, even on Terminal Server systems
· Column selection and a wide variety of configurable process, DLL and handle columns
· Asynchronous updates of all views
· Configurable refresh highlighting effects
· Save function saves process view and current bottom view (handle or DLL)
This is one cool program, and the fact that it’s portable (runs from a flash drive) makes it a must-see. Trust me, you’ll never use your Task Manager again.
You can download Process Explorer here.
If you would like to see some of my earlier articles showcasing other great portable software, use the links below:
Portable Firefox and Thunderbird: http://www.worldstart.com/tips/tips.php/1913
Portable Sunbird: http://www.worldstart.com/tips/tips.php/1934
Portable Antivirus: http://www.worldstart.com/tips/tips.php/1917
~Chad Stelnicki