Once in a while I will get a call from one of my users describing a problem, and immediately I think to myself “impossible”. Like “it’s just not possible that your computer is deleting your email all by itself”.

Then there are the times where I find myself five minutes into the conversation going “uhhhh, yeah that’s not good, I wonder what could cause that?” (believe it or not, us IT people don’t in fact know immediately exactly what is wrong with your computer, and we’re even wrong once in a third Tuesday of the week).

When I need to get a crystal clear picture of what is happening on a system, I turn to Process Explorer from Sysinternals (now brought to you by Microsoft!). Process Explorer is everything that Windows’ Task Manager wishes it was:

Overview

Process Explorer is an advanced process management utility that picks up where Task Manager leaves off. It will show you detailed information about a process including its icon, command-line, full image path, memory statistics, user account, security attributes, and more. When you zoom in on a particular process you can list the DLLs it has loaded or the operating system resource handles it has open. A search capability enables you to track down a process that has a resource opened, such as a file, directory or Registry key, or to view the list of processes that have a DLL loaded.

The Process Explorer display consists of two sub-windows. The top always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window, which you can close, depends on the mode that Process Explorer is in: if it is in handle mode you will see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you will see the DLLs and memory-mapped files that the process has loaded.

Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

You can obtain equivalent command-line tools, Handle and ListDLLs, at the Sysinternals Web site.

Process Explorer does not require administrative privileges to run and works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, Windows Vista, Windows Server 2008 and on the x64 version of 64-bit Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008.
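The DLL search described in the overview can be approximated from a PowerShell prompt when Process Explorer is not at hand. This is an added example, not code from the original post or from Sysinternals; the function name `Find-ProcessByModule` and the sample DLL name are assumptions chosen for illustration.

```powershell
# Added example: list every process that has a matching DLL loaded,
# joined with its owner and command line.
# Find-ProcessByModule is a hypothetical name, not a Sysinternals tool.
function Find-ProcessByModule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ModulePattern   # wildcard pattern, e.g. 'winhttp*.dll'
    )

    # Index Win32_Process once so owner and command line can be looked up by PID.
    $cim = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $cim[[int]$_.ProcessId] = $_ }

    foreach ($proc in Get-Process) {
        try {
            # Module lists of protected or higher-privilege processes are not
            # readable from an unelevated session; those processes are skipped.
            $hits = @($proc.Modules | Where-Object { $_.ModuleName -like $ModulePattern })
        } catch {
            Write-Verbose "Skipping PID $($proc.Id) ($($proc.ProcessName)): $($_.Exception.Message)"
            continue
        }
        if ($hits.Count -eq 0) { continue }

        $info  = $cim[$proc.Id]
        $owner = $null
        if ($info) {
            $o = Invoke-CimMethod -InputObject $info -MethodName GetOwner -ErrorAction SilentlyContinue
            if ($o -and $o.ReturnValue -eq 0) { $owner = "$($o.Domain)\$($o.User)" }
        }

        foreach ($m in $hits) {
            [pscustomobject]@{
                Id          = $proc.Id
                Process     = $proc.ProcessName
                Owner       = $owner
                Module      = $m.FileName                     # full path of the loaded image
                FileVersion = $m.FileVersionInfo.FileVersion  # useful for DLL-version problems
                CommandLine = if ($info) { $info.CommandLine } else { $null }
            }
        }
    }
}

# Sample query (constructed): which processes have winhttp.dll loaded?
Find-ProcessByModule -ModulePattern 'winhttp.dll' | Sort-Object Process | Format-Table -AutoSize
```

Run with `-Verbose` to see which processes were skipped; a DLL loaded from an unexpected path or with a mismatched version stands out in the `Module` and `FileVersion` columns.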

So, why use this rather than any of the dozens of other Task Manager replacements you can find on the internet? Well, for starters, Process Explorer was written by Mark Russinovich. Mr. Russinovich is acknowledged as one of the foremost experts on Microsoft Windows in general, and the NTFS file system in particular. The man is incredibly knowledgeable about the internal workings of Microsoft operating systems, and has authored several books on Microsoft technologies.

Beyond that, the sheer depth of functionality in this product makes it a hands-down winner in my book. Oh, and did I mention that you can run it from a USB drive?

You can get more information on Process Explorer (and download it) here.