Whether you need to perform diagnostics on a program or if you need to see what a suspected malware program is doing, you can use Process Explorer to essentially put the program on pause while you look at what it is doing.
You might be wondering why you would want to suspend a process, and the answer is simple: if you need to do some work but a process is running away with the CPU, you can suspend the process and then resume when you are done with whatever else you need to do. You can also use it to suspend suspected malware so you can investigate it.
What is Process Explorer?
Process Explorer is a very comprehensive task managing application that displays everything from executable files locations, program handles, and any associated DLL processes that are opened. This program provides you with a wide range of options for information. It lists the active processes, as well as the accounts running them. In addition to this, depending on whether you are running the program in handle or DLL mode, you may have a second lower pane on the window with all the handle and DLL information.
In addition, there is a powerful search function that allows you to search through handles, DLL’s, and any associated information. It is a great tool to replace the traditional Windows Task Manager.
Downloading and Running Process Explorer
If you don’t already have Process Explorer, you can download it from Microsoft’s System Internals page, extract the zip file, and then double-click on procexp.exe — although you should really right-click and choose Run as Administrator for best results.
And since you don’t want to have to right-click and choose administrator mode every time, you can right-click, choose Properties, and then Compatibility, and then click on the checkbox for Run this program as administrator.
Once you’ve done so, open up Process Explorer and click through the UAC prompt if you see one.
Pausing (Suspending) or Resuming a Process
Simply find the process in the list that you’d like to suspend, right-click, and choose Suspend from the menu.
Once you’ve done so, you’ll notice that the process shows up as suspended, and will be highlighted in dark gray.
To resume the process, right-click on it again, and then choose to resume it from the menu.
This, of course, only begins to tap the power of Process Explorer. Be sure to read our SysInternals series for a lot more details about how to use it.