Hi Guys …
I just noticed that Microsoft has released a new version of Process Explorer. It is a very valuable tool that any Windows admin should have in their toolkit.
The cool thing is that it is now integrated with VirusTotal. Process Explorer sends the hash of a file to VirusTotal, and if the file has previously been analysed by VirusTotal, Process Explorer can tell you whether the file is harmless or malicious.
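The same hash-only lookup can be reproduced from PowerShell for the images of all running processes. This is an added example, not code from Process Explorer or from this post; it assumes the VirusTotal API v3 file-report endpoint, an API key in a `VT_API_KEY` environment variable (a name chosen here), and a 15-second pause between requests chosen here as a throttle.

```powershell
# Added example: look up the SHA-256 of each running process image on VirusTotal.
# Only the hash leaves the machine; the file itself is never uploaded.

function Get-RunningImageHash {
    # Unique executable paths of running processes. Path is empty for processes
    # the current user may not query (run elevated for fuller coverage).
    Get-Process |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object {
            Get-FileHash -LiteralPath $_ -Algorithm SHA256 -ErrorAction SilentlyContinue
        }
}

function Get-VtVerdict {
    param(
        [Parameter(Mandatory)][string]$Sha256,
        [Parameter(Mandatory)][string]$ApiKey
    )
    try {
        $uri = "https://www.virustotal.com/api/v3/files/$Sha256"
        $r   = Invoke-RestMethod -Uri $uri -Headers @{ 'x-apikey' = $ApiKey }
        $s   = $r.data.attributes.last_analysis_stats
        # Summarise as flagged/total; this ratio is this example's own summary.
        $flagged = $s.malicious + $s.suspicious
        $total   = $flagged + $s.harmless + $s.undetected
        '{0}/{1}' -f $flagged, $total
    }
    catch {
        # HTTP 404 means the hash has never been submitted: unknown, not clean.
        $resp = $_.Exception.Response
        if ($resp -and [int]$resp.StatusCode -eq 404) { 'Unknown' }
        else { "Error: $($_.Exception.Message)" }
    }
}

$hashes = Get-RunningImageHash
if (-not $env:VT_API_KEY) {
    # No key configured: stay offline and list what would be looked up.
    $hashes | Select-Object Hash, Path
}
else {
    foreach ($h in $hashes) {
        [pscustomobject]@{
            Verdict = Get-VtVerdict -Sha256 $h.Hash -ApiKey $env:VT_API_KEY
            Path    = $h.Path
        }
        Start-Sleep -Seconds 15   # assumed throttle; adjust to your key's quota
    }
}
```

An `Unknown` verdict deserves as much attention as a non-zero ratio: a binary nobody has submitted before is not thereby harmless.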
I will talk about VirusTotal in another blog post. The first time I heard about VirusTotal was actually from Mark Russinovich, when I got an opportunity to listen to him at a Windows IT Pro session.
Software is available for download from Microsoft TechNet – http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx.
But one thing that really surprises me, or makes me curious, is that Mark Russinovich is really still doing the coding, as the page says.
For anyone who doesn’t know what Process Explorer does: I don’t think I have to explain that to any Windows admin, but just in case, Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.