Process Explorer
Process Explorer¶
This post is about using Process Explorer , a windows utility by Windows Sysinternals which is a task manager and System Monitor which can be handy when dealing with Executables.
Downloading Process Explorer¶
First off, start of by Googling Process Explorer and then taking the first link which is an official Microsoft Website.
The download link will be available there and the zip file can be downloaded. After extracting the downloaded compressed file, the 32 Bit as well as the 64 Bit executable can be found inside it. For now we'll go with the 32 Bit executable.
Opening Process Explorer and Finding the files an Executable is using¶
Now we'll open Wordpad and enter some random text and save it somewhere and keep the wordpad open.
Now let's open procexp.exe (Process Explorer 32-bit) and we can find wordpad.exe in the main window.
Now select View -> Lower Pane View -> Handles
After selecting wordpad.exe, we notice that there are multiple files listed below as used by wordpad. Among them we find that our file that we saved is listed there.
And that is how we find the files opened and used by a program.