How to Use Process Monitor and Process Explorer
Do you often use Task Manager on your Windows 10 PC to keep track of the different processes on your system and how much CPU or memory they’re using? If so, you might find that you prefer two alternative options – Process Monitor or Process Explorer.
Both are free tools that you can install on your Windows 10 PC. They include the same information you can see in Windows Task Manager and a whole lot more as well.
What Is Process Monitor?
Process Monitor is a free advanced monitoring tool included in the Windows Sysinternals suite of Windows utilities. It lets you view detailed information about all processes running on your system.
Specifically, these are details about events triggered by specific processes.
The following process information fields are selected by default when you first launch the app.
- Process Name
- Path
- Detail
- Result
- Operation
- Time of Day
- Process ID (PID)
There are 20 additional fields you can select to see even more information about each process.
You aren’t limited to just viewing process information with this tool. You can also set filters on any field to limit what data gets displayed, log process events for troubleshooting, and open a process tree that lets you see the relationship between parent and child processes.
What Is Process Explorer?
Process Explorer is the best tool for understanding how different applications are working on your system. Through an innovative tree structure, it’ll show you a breakdown of what files, directories, and other processes each parent process is controlling.
You can use Process Explorer in “handle mode”, which helps you see what window handles each process has opened, or “DLL mode”, which shows you the DLLs and memory-mapped files each process has opened.
This makes Process Explorer extremely useful when troubleshooting or debugging applications that are running on your computer.
Now that you know what each of these free SysInternals utilities is used for, let’s take a closer look at how you can use each of these on your own Windows 10 PC.
How to Use Process Monitor
After you extract the Process Monitor files, you’ll see different files to launch the utility. If you’re running a 64-bit Windows system, choose the file named Procmon64.exe. If not, then choose the Procmon.exe file.
From the main Process Monitor window, you can launch a view that’s similar to the Process Explorer app. This is the process tree view. To view this, just select the small document icon with an image of a tree diagram on it.
Some information you can see in this view includes the parent process and all of the processes it has launched. You can see its launch command, the app developer (if available), how long it’s been running, and the date it was launched.
It’s not as informative as Process Explorer, but it’s a nice quick view to see much of the same information.
Create a Process Monitor Filter
Back on the main screen (process events window), right-click any of the processes and choose Edit Filter to update the process filter.
This window shows you how filtering works in Process Monitor. The first dropdown lets you select the object for your filter. In this case it’s the Process Name. The next dropdown is the operator, such as is, is not, or less than. The field after it is where you type or select the filter value, and you then choose whether you want to Include or Exclude those entries.
When you select Add, it’ll add that new filter to your list, and modify the overall view of processes accordingly.
To create a new filter, select the Filter menu, and select Filter.
This will open the same window but with the filter blank. Just select each dropdown, enter the filter item you want to exclude or include, and add it to your filter list.
Once you select OK it’ll update your main view to include your new filter.
The most useful feature of Process Monitor is logging system events during some action. You can log system events as follows:
- Press the magnifying glass Capture icon to stop logging.
- Select the eraser on paper Clear icon to clear the log.
- Press the Capture icon again to start logging.
- Select Filter and Enable Advanced Output.
- Recreate the issue.
- Select the Capture icon again to stop logging.
- Select the disk Save icon to save the log to your computer.
You can review the log to see all process events that occurred when you recreated the issue or error you’re trying to troubleshoot.
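Once a log has been saved, the same Include/Exclude filtering can be applied to it offline. The following is an added example, not part of the original article: it reads a CSV-format log with the default columns listed earlier and applies filter rules written as (column, relation, value, action). The sample rows are constructed, and the way rules combine (rules on the same column are ORed, different columns are ANDed, any Exclude match hides the event) is an assumption about Process Monitor's behaviour.

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like a Process Monitor CSV export (default columns).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000","app.exe","4321","CreateFile","C:\ProgramData\App\settings.ini","NAME NOT FOUND",""
"10:15:01.2000000","app.exe","4321","RegOpenKey","HKCU\Software\App","SUCCESS",""
"10:15:01.3000000","app.exe","4321","CreateFile","C:\Program Files\App\data.db","ACCESS DENIED",""
"10:15:01.4000000","explorer.exe","1200","CreateFile","C:\Users\demo\Desktop","SUCCESS",""
"10:15:01.5000000","app.exe","4321","RegQueryValue","HKCU\Software\App\Theme","NAME NOT FOUND",""
"10:15:01.6000000","svchost.exe","900","CreateFile","C:\Windows\Temp\x.tmp","ACCESS DENIED",""
'''

# Relations modelled here; comparisons are case-insensitive (assumption).
RELATIONS = {
    "is": lambda field, value: field == value,
    "is not": lambda field, value: field != value,
    "contains": lambda field, value: value in field,
    "begins with": lambda field, value: field.startswith(value),
    "ends with": lambda field, value: field.endswith(value),
}

def load_events(text):
    """Parse CSV text into one dict per event; drops a leading BOM if present."""
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff\n"))))

def matches(event, rule):
    column, relation, value, _action = rule
    return RELATIONS[relation](event[column].lower(), value.lower())

def apply_filters(events, rules):
    """Assumed semantics: same-column Includes ORed, columns ANDed, Exclude wins."""
    includes = [r for r in rules if r[3] == "Include"]
    excludes = [r for r in rules if r[3] == "Exclude"]
    columns = {r[0] for r in includes}
    kept = []
    for ev in events:
        if any(matches(ev, r) for r in excludes):
            continue
        if all(any(matches(ev, r) for r in includes if r[0] == c) for c in columns):
            kept.append(ev)
    return kept

def failures_by_result(events):
    """Count non-SUCCESS results, the usual first look when troubleshooting."""
    return dict(Counter(ev["Result"] for ev in events if ev["Result"] != "SUCCESS"))

RULES = [("Process Name", "is", "app.exe", "Include"),
         ("Result", "is", "SUCCESS", "Exclude")]
```

Calling `apply_filters(load_events(SAMPLE_CSV), RULES)` leaves only the failed operations of `app.exe`, and `failures_by_result` groups them by result code.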
Exploring Deeper with Events
When you select specific events in Process Monitor, you can explore more details through the Event menu.
Select the event you want to examine. Then select the Event menu and select Properties.
This shows all properties for the event. The Event tab shows mostly what was in the main Process Monitor window. The Process tab shows you things like the path to the application and the launch command line, as well as modules used by the process. The Stack tab provides modules stored in memory by the process and their details.
You can access just the Stack tab by selecting Stack in the Event menu instead.
If you want to keep a close eye on any single event, select it and then select the Event menu and select Toggle Bookmark.
This will highlight the event so it’s easier to track.
You can also see the Registry entries for any process by selecting the Event menu and selecting Jump To.
This is a quick way to see any registry entries you may want to toggle to configure that application.
You’ll see five icons to the right side of the toolbar that you can use to fine-tune the default filters.
You can use these to turn on or off each of the following filters:
- Registry activity
- File system activity
- Network activity
- Process and thread activity
- Profiling events
How to Use Process Explorer
Use the same approach for 32-bit or 64-bit when you launch Process Explorer.
The View menu is where you can customize what process information gets displayed in each pane.
Use Lower Pane View to change the data displayed there from Handles to DLLs.
The most important menu here is Process. The following is what each menu option will show you and let you control.
Set Affinity shows which CPUs the selected process can execute on. You can enable or disable any of the processors if you like.
Set Priority lets you increase or decrease the priority that the CPU gives that process. This is a good way to troubleshoot lagging or slow-running applications to see if it’s an issue with too many other processes running.
The next four options let you control each process.
These include:
- Kill Process: Force stop an individual process
- Kill Process Tree: Force stop the process and all child processes
- Restart: Stop and start the selected process
- Suspend: Suspend the selected process
You can create dump or minidump files associated with the selected process by selecting the Process menu and selecting Create Dump. Then choose whether you want a Minidump or a Full Dump.
If you select Check VirusTotal in the Process menu, Process Explorer will submit hashes for the files associated with the process and DLLs to VirusTotal.com. VirusTotal will scan and analyze those for any virus activity. You will need to agree to VirusTotal’s terms of service before you can use this feature.
Finally, if you select Properties from the Process menu, you can view a wide variety of properties about the selected process.
This includes information related to performance, GPU use, total threads, network activity, and much more.
Should You Use Process Monitor or Process Explorer?
While these two utilities are similar, they aren’t the same. Process Monitor is better used if you need to track how your processes are interacting with your system. It lets you monitor and log events that are triggered by each process.
It can help you see whether the interaction between your processes and your system is causing errors or behaving abnormally.
Process Explorer, on the other hand, is heavily process focused. It helps you see the relationships between parent processes and their child processes. It also lets you dig much more deeply into parameters and properties of each process, far more than any other available Windows utility.
Choose the utility you want depending on what you’re specifically troubleshooting.