gateer.blogg.se

Process explorer technet




First published on TechNet on Oct 03, 2012

PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.

This release of DebugView, a debug output monitoring utility, addresses a bug that could cause DebugView to blue screen on “checked build” (debug) versions of Windows.

This update to Process Explorer adds the ability to view the process token of protected processes, fixes a bug that causes a crash when viewing thread stacks on Windows XP, and fixes a bug that causes a crash when running on Windows PE.

This update to Sigcheck, a command-line utility for analyzing the digital signatures of executable images, fixes a bug that could cause it to crash when reporting the signing status of images that have invalid signatures.

To run Process Explorer, right-click its icon and select ‘Run as administrator’. Starting in this way gives Process Explorer more access to important information. Click ‘Yes’ on the ‘User account control’ window that pops up.

If you’re running on a 64-bit CPU, you’ll notice that a second executable suddenly appears in the directory containing Process Explorer. This is called ‘procexp64’, and is a wrapper that the original 32-bit executable creates to satisfy conditions for running on a 64-bit machine. It’s a temporary file and should disappear when you close the running program, though you might have to press to refresh the directory to see this. Process Explorer works the same in 32-bit and 64-bit environments. It provides far more detail than Task Manager, and it can manage tasks just as well as the Windows 7 offering.

To begin, click the ‘Process’ column until the display changes to an indented hierarchy. This makes it easy to see which processes are the parents of others. ‘Wininit’, for example, is the ancestor of a large number of processes, including those multiple instances of ‘svchost.exe’.

Now that we have a better view of the running OS, we can begin to look for malicious processes masquerading as legitimate ones. With all those svchost processes running, it’s relatively easy for malware to call itself something that will look like ‘svchost’ to the untrained eye. For example, it might call itself ‘svch0st.exe’ (with a zero), ‘svhost.exe’ (without the ‘c’), or any other combination of letters and numbers that attempts to subtly resemble the original file name.

To make it easier to spot such files, you can click the ‘Process’ column heading until you get an alphabetical listing. To get more details of any process, double-click it.
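The lookalike names described here (‘svch0st.exe’, ‘svhost.exe’) can also be flagged automatically from a saved process list. The following is an added example, not code from the original article or from Sysinternals; the allow-list, the character substitution table, the distance threshold and the sample process names are all constructed assumptions.

```python
# Added example: flag process names that imitate well-known Windows names.
# KNOWN and SNAPSHOT are constructed sample data, not output from Process Explorer.
KNOWN = ["svchost.exe", "wininit.exe", "services.exe", "lsass.exe",
         "smss.exe", "csrss.exe", "explorer.exe"]
SNAPSHOT = ["wininit.exe", "svchost.exe", "svch0st.exe", "svhost.exe",
            "SvcHost.exe", "notepad.exe", "procexp64.exe"]

# Digits and symbols commonly substituted for letters (assumed table, extend as needed).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "@": "a"})


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name, known=KNOWN, max_distance=2):
    """Return ('exact' | 'lookalike' | 'unrelated', matched legitimate name or None)."""
    n = name.lower()  # Windows file names are case-insensitive
    if n in known:
        return ("exact", n)
    folded = n.translate(FOLD)  # undo digit-for-letter swaps before comparing
    best = None
    for legit in known:
        d = min(edit_distance(n, legit), edit_distance(folded, legit))
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, legit)
    return ("lookalike", best[1]) if best else ("unrelated", None)


def find_lookalikes(names):
    """Return (observed name, imitated name) pairs worth a closer look."""
    hits = []
    for name in names:
        verdict, legit = classify(name)
        if verdict == "lookalike":
            hits.append((name, legit))
    return hits


if __name__ == "__main__":
    for observed, legit in find_lookalikes(SNAPSHOT):
        print(f"{observed} resembles {legit}")
```

An ‘exact’ verdict only means the name matches; it says nothing about whether the file behind it is genuine, so the process details in Process Explorer still need checking.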





