How to Use Sysinternals Process Explorer to Monitor and Manage Processes on Your Computer

Cyber Stack
Jan 1, 2023

Sysinternals Process Explorer is a tool that allows you to monitor and manage the processes running on your computer in real time. With Process Explorer, you can see detailed information about each process, including its resource usage, its associated handles and modules, and its place in the process tree. In this tutorial, we will go over how to use Sysinternals Process Explorer to monitor and manage processes on your computer.

Download and install Process Explorer

To get started, you will need to download and install Process Explorer from the Sysinternals website: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer. Once the download is complete, run the installer and follow the prompts to complete the installation.

Launch Process Explorer

After installation, you can launch Process Explorer by clicking the Process Explorer icon on your desktop or by searching for it in the Start menu. When you launch Process Explorer, you will see a window with a list of the processes currently running on your computer.

This picture shows the Process Explorer window displaying a list of the currently running processes on the computer.

View process details

Process Explorer displays a list of the currently running processes on your computer, including the process name, CPU and memory usage, and associated handles and modules. You can sort the list by any of these columns by clicking on the column header. You can also right-click on a process and select “Properties” to view more detailed information about the process. This will open the process properties window, which displays additional information about the process, including the command line arguments, version information, and security attributes.

This picture shows the Process Explorer process properties window displaying detailed information about a specific process.
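
The fields the Properties window shows (command line, version information, owning account) and the parent/child links of the process tree can also be collected from PowerShell, which is useful when the same check has to be repeated on several machines. The following is an added example, not part of the original article or of Sysinternals; the function name `Get-ProcessDetail` is hypothetical, and it assumes only the built-in `Win32_Process` CIM class.

```powershell
# Added example: the per-process details discussed above, gathered from PowerShell.
function Get-ProcessDetail {
    [CmdletBinding()]
    param(
        # Wildcard on the image name, e.g. 'svchost*'. Default: every process.
        [string]$Name = '*'
    )

    $all  = @(Get-CimInstance -ClassName Win32_Process)
    $byId = @{}
    foreach ($p in $all) { $byId[[uint32]$p.ProcessId] = $p }

    foreach ($p in ($all | Where-Object { $_.Name -like $Name })) {
        # Windows reuses PIDs: accept the recorded parent only if it is still
        # running and was started no later than the child.
        $parent = $byId[[uint32]$p.ParentProcessId]
        if ($parent -and $p.CreationDate -and $parent.CreationDate -gt $p.CreationDate) {
            $parent = $null
        }

        # Owner lookup fails for protected processes when the shell is not elevated.
        $owner = $null
        try {
            $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction Stop
            if ($o.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $o.Domain, $o.User }
        } catch { }   # leave Owner empty when access is denied

        # ExecutablePath is empty for processes the caller cannot open.
        $ver = $null
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            $ver = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo
        }

        [pscustomobject]@{
            Name        = $p.Name
            PID         = $p.ProcessId
            ParentPID   = $p.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            Owner       = $owner
            Path        = $p.ExecutablePath
            Company     = if ($ver) { $ver.CompanyName }
            FileVersion = if ($ver) { $ver.FileVersion }
            CommandLine = $p.CommandLine
        }
    }
}

# Example call: list every process grouped under its parent.
Get-ProcessDetail | Sort-Object ParentPID, PID |
    Format-Table Name, PID, ParentName, Owner, Company -AutoSize
```

Rows with an empty `Path` or `Owner` usually mean the shell was not started elevated, and `<exited>` marks a process whose parent is no longer running.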

Kill processes

You can use Process Explorer to kill processes that are not responding or that you no longer need. To do this, right-click on the process and select “Kill Process”. Be cautious when killing processes, as terminating certain processes may cause your system to crash or become unstable.

This picture shows the Process Explorer “Kill Process” dialog that appears when you right-click on a process and select “Kill Process”.

Search for handles and modules

Process Explorer allows you to search for specific handles and modules that are associated with a process. To do this, go to the “Find” menu and select “Find Handle or DLL”. This will open the “Find Handle or DLL” window, where you can enter the name of the handle or module you want to search for.

This picture shows the Process Explorer “Find Handle or DLL” window, where you can search for specific handles and modules associated with a process.

Find a process associated with a window

Sometimes it can be helpful to find the process associated with a specific window on your desktop. Process Explorer makes this easy with the “Find Window's Process” feature. To use this feature, simply drag the crosshairs icon from the Process Explorer toolbar over the window whose process you want to find. Process Explorer will highlight the process in the list and display the process properties in a separate window.

This picture shows the Process Explorer “Find Window's Process” feature in action. The crosshairs icon is being dragged over a window on the desktop, and the associated process is highlighted in the Process Explorer list and displayed in the process properties window.

Conclusion

Sysinternals Process Explorer is a powerful tool for monitoring and managing the processes running on your computer. With Process Explorer, you can view detailed information about each process, kill processes as needed, search for handles and modules, and find a process associated with a window. Whether you are a system administrator or just want to keep an eye on the processes running on your computer, Process Explorer is a valuable tool to have in your toolkit.