Process Explorer v17.05
By Mark Russinovich
Published: July 26, 2023
Created with ZoomIt
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
- Windows Internals Book The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon.
- Windows Sysinternals Administrator's Reference The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.
- Client: Windows 8.1 and higher.
- Server: Windows Server 2012 and higher.
Simply run Process Explorer (procexp.exe).
The help file describes Process Explorer operation and usage. If you have problems or questions, visit the Process Explorer section on Microsoft Q&A.
Note on use of symbols
When you configure the path to DBGHELP.DLL and the symbol path uses the symbol server, the location of DBGHELP.DLL also has to contain the SYMSRV.DLL supporting the server paths used. See SymSrv documentation or more information on how to use symbol servers.
Here are some other handle and DLL viewing tools and information available at Sysinternals:
- The case of the Unexplained... In this video, Mark describes how he has solved seemingly unsolvable system and application problems on Windows.
- Handle - a command-line handle viewer
- ListDLLs - a command-line DLL viewer
- PsList - local/remote command-line process lister
- PsKill - local/remote command-line process killer
- Defrag Tools: #2 - Process Explorer In this episode of Defrag Tools, Andrew Richards and Larry Larsen show how to use Process Explorer to view the details of processes, both at a point in time and historically.
- Windows Sysinternals Primer: Process Explorer, Process Monitor and More Process Explorer gets a lot of attention in the first Sysinternals Primer delivered by Aaron Margosis and Tim Reckmeyer at TechEd 2010.