Do you ever want to know which program is using a particular file or DLL? Or wonder what some process is doing and where it came from? You can get your answers from a powerful free Windows system utility that many know about but generally don’t take advantage of. It’s called Process Explorer and, if you spend any time using and maintaining Windows systems, you will want to add it to your toolbox. It is from the well-known collection of system utilities created by Sysinternals and can be found at this link. It has been likened by some to Task Manager on steroids.
The utility has a display which is split into two windows as shown above. The top window shows a list of the currently active processes. The bottom window contains information that depends on the mode that you select. For example, it may show the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. Another feature that can be very useful is the ability to go online and find out what a process does and what its origin is. Right-click a process and the context menu has an entry that will take you to an online search page about the process. This can be very useful for checking a suspicious process. Also, like Task Manager, Process Explorer can be used to kill processes that are hung or suspicious.
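The DLL search described above can also be scripted when a result needs to be saved or compared across machines. This PowerShell sketch is an added example, not part of Process Explorer or the original post; the function name `Find-ProcessByModule` and the sample DLL name are assumptions, and it relies only on the built-in `Get-Process` and `Get-AuthenticodeSignature` cmdlets.

```powershell
# Added example: list every process that has a given DLL loaded, together with
# the process image path and the Authenticode status of the loaded file.
# Find-ProcessByModule is a hypothetical helper name, not a built-in cmdlet.
function Find-ProcessByModule {
    param(
        # Wildcards are allowed, e.g. 'winhttp.dll' or 'win*.dll' (sample values)
        [Parameter(Mandatory)] [string] $ModuleName
    )

    foreach ($proc in Get-Process) {
        try {
            # Reading .Modules fails for protected processes and for processes
            # that exit during enumeration; skip those instead of aborting.
            $mods = @($proc.Modules | Where-Object { $_.ModuleName -like $ModuleName })
        } catch {
            continue
        }

        foreach ($m in $mods) {
            # A status other than 'Valid' is a reason to look closer, not a verdict.
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Id          = $proc.Id
                Process     = $proc.ProcessName
                ProcessPath = $proc.Path
                Module      = $m.FileName
                Signature   = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer      = if ($sig -and $sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { $null }
            }
        }
    }
}

# Sample call: which processes currently have winhttp.dll loaded?
Find-ProcessByModule -ModuleName 'winhttp.dll' |
    Sort-Object Process |
    Format-Table -AutoSize
```

Run it from an elevated prompt to see modules of processes owned by other accounts; a copy of the DLL loaded from an unexpected directory is the kind of entry worth checking further in Process Explorer.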
The interface may appear daunting to some at first glance but the utility comes with a good help function that uses an accompanying CHM file. There is also a helpful PDF tutorial on how to use Process Explorer that comes from Kansas State University. Some older guides can be found at the Sysinternals forum.