Portable Disk and File Utilities

I love flash drives. Whether it’s a jump drive or a flash memory MP3 player, it seems that I always have at least one connected to the system I’m working on. So, I’m always excited when I see a cool new trick or program that I can use my flash drive for. I’m all over it!

Portable programs are applications that actually run in place, for example, from the folder or drive in which they are located. These programs may install a couple of registry entries, but nothing significant or potentially revealing. Because these programs run in place and are usually small in size, they are great applications to use on a flash drive.

I ran a couple of download articles a while back concerning portable programs that could be useful if run from a flash drive (Portable Firefox, Thunderbird and Sunbird), which I myself have found great use for. It has been a while, however, since I have checked back with the community to see if anything new has come along in the area of portable programs. Well, I should have a long time ago, because there are some really cool programs out there.

For today’s Download of the Week, I’m actually going to showcase a program that I believe will really impress you. It is called Process Explorer. This is actually a program that Steve himself asked me about a while ago. He sent me an e-mail concerning an article or program that could more easily describe what certain processes are doing in your system. I thought this would be a good idea and spotted this little fella, and I knew immediately that fate had brought us together.

Process Explorer is a process viewer to the tenth degree. You can easily view and identify not only processes, but also services and DLLs.

Process Explorer’s list of features:

· Process suspend/resume
· Thread details including stacks
· Job object information
· Start time and CPU time process columns
· Option to hide the lower pane
· Kill process tree
· Accurate registry key names for profile unload debugging
· Extensive help file
· Service descriptions on services tab of service process properties dialog
· You can configure custom column selections and save them as easy-to-access column sets
· Image verification option now verifies images in the background
· Process menu includes restart item to kill and then restart a selected process
· Can suspend individual threads on threads page of Process Properties dialog
· The find Window target moves Process Explorer’s main window to the back to get it out of the way
· Close Window command uses same End Task functionality as Task Manager
· Show New Processes option scrolls display to make new processes visible
· Heuristics to detect more image packers
· User name of account in which Process Explorer is running is shown in the title bar
· Services can be stopped, resumed and paused from the Services tab of the Process Properties dialog
· The DLLs that host SvcHost processes are listed in the Services tab of the Process Properties dialog
· Services running within a process display on the process’ tooltip
· As a parallel to the CPU Usage History column, there’s now a Private Bytes Usage History column
· The Process view includes columns that show the working set breakdown of the process in shared, shareable and private pages
· New delta private-bytes column to show changes in private virtual memory usage
· Can copy lines from the Process, DLL and Handle views to the clipboard
· Option to show pagefile-backed (unnamed) sections in DLL view
· DLL and handle searching consolidated
· The DLL view includes columns that show the working set contributions in shared, shareable and private pages
· The DLL a Rundll32 process hosts is shown in its process tooltip
· Packed DLL highlighting in DLL view
· Image signing verification available for DLLs
· Better DLL properties dialog
· Object address shown in Object Properties dialog
· File object share flags column for Handle view
· CPU history in tray icon
· CPU history column
· I/O delta column
· Process security editing
· Reports loaded 32-bit DLLs on Windows 64-bit
· Support for Windows Vista
· Opacity settings
· Tray window context menu options
· More performance information on process properties dialog
· Lock option in shutdown menu
· Reconfigured menu items and highlighting configuration
· Status bar column options
· Status bar information is configurable to show CPU usage, commit charge, # of processes and more
· Can terminate individual threads
· Shutdown menu for logging off and shutting down the system
· Only allow one instance option
· Auto-open of lower pane when a find result is clicked
· .NET tab for .NET processes that shows AppDomains and .NET performance counters
· x64 and x86 executables are in a single binary
· New Verified Company column shows image signer information
· Strings tab in process properties dialog has in-memory image scan option
· Highlighting for images that are packed (have compressed or encrypted code, which is common in malware)
· System information dialog has per-CPU graph option with hyperthreaded and NUMA processor information
· A Users menu duplicates the functionality of Task Manager’s Users tab, showing Terminal Services session information and supporting logoff, disconnect, and sending messages
· On XP SP2 and higher, the TCP/IP tab displays the thread stack at the time an endpoint was opened
· The tray icon context menu includes the shutdown menu
· Search engine option to use Google or MSN Search
· Object address column is available for the handle view
· Image signatures can be checked on-demand in the process properties dialog
· Process Explorer is digitally signed with Sysinternals’ Verisign Class 3 signing certificate
· Data Execution Protection (DEP) status on process image tab and as column
· Copy-to-clipboard from process environment variable and strings dialogs
· Can select and copy text strings of process image properties page
· Multi-row tabs on process properties dialog
· Image signing verification on process image properties dialog
· Mini-CPU usage graph on toolbar
· Command-line option for specifying Process Explorer priority
· Manual refresh (F5) forces recheck of job and .NET process status
· Single-clicking on tray icon minimizes and restores main window
· Finder tool for identifying the process that owns a selected window
· Strings listings for process and DLL images
· Google menu item for searching process and DLL information
· Tray tooltip shows highest-CPU consuming process
· Window status column (like Task Manager’s Status column on the Applications tab)
· DLL view for System process shows list of loaded device drivers
· TCP/IP process properties page shows active TCP and UDP endpoints
· 64-bit version shows which processes are 64-bit on process properties and adds 64-bit process column
· Runs in non-admin account
· Tree view functionality to collapse and expand process subtrees
· Can bring process-owned window to the foreground
· System CPU graph shows timestamps and most active process for any given point
· Per-process graph data tracked even when main window is minimized to tray
· Per-process graph data displays timestamps
· Can set process CPU affinity
· Process tooltip no longer between mouse pointer and process name
· Ability to add a comment to processes and new comment column
· Can open multiple process properties dialogs simultaneously
· System information dialog CPU and memory usage graphs like Task Manager
· Per-process CPU and memory graph tab in process properties
· Option to only show your own processes
· System Information dialog showing the same memory counters as Task Manager (when symbols are configured, also shows maximum paged and nonpaged pool values)
· Tray icon for CPU usage that’s yellow when usage is > 70 percent and red when > 90 percent
· Highlight color configuration dialog
· Context switch and context switch delta columns
· Run processes using the system Run dialog from the File menu
· Replace task manager option so that when you run Task Manager Process Explorer runs instead
· Only non-zero CPU usage, .NET counters and context switch values are displayed to clearly highlight process activity
· Search for DLLs or handles regardless of what mode the lower pane is in
· Correct icons for MMC windows
· Mouse hover over process names and DLL names shows full path of executable or DLL

Other Process Explorer features include:

· Support for full handle viewing on Win9x/Me (with the exception of registry key handles)
· Process icons
· Service process highlighting
· Process tree display
· Configurable refresh rate
· Refresh highlighting: new entries in the process, handle and DLL views are green and deleted ones red
· DLL descriptions in the DLL view
· Highlights relocated DLLs
· Jump-to-entry in the find dialog
· Lists all process owners, even on Terminal Server systems
· Column selection and a wide variety of configurable process, DLL and handle columns
· Asynchronous updates of all views
· Configurable refresh highlighting effects
· Save function saves process view and current bottom view (handle or DLL)

This is one cool program, and the fact that it’s portable (runs from a flash drive) makes it a must-see. Trust me, you’ll never use your Task Manager again.

You can download Process Explorer here.

If you would like to see some of my earlier articles showcasing other great portable software, use the links below:

Portable Firefox and Thunderbird: http://www.worldstart.com/tips/tips.php/1913

Portable Sunbird: http://www.worldstart.com/tips/tips.php/1934

Portable Antivirus: http://www.worldstart.com/tips/tips.php/1917

~Chad Stelnicki