Process Explorer

This post is about using Process Explorer, a Windows utility from Windows Sysinternals that works as a task manager and system monitor and can be handy when dealing with executables.

Downloading Process Explorer

First, search Google for Process Explorer and follow the first link, which is an official Microsoft website.

The download link is available there, and the zip file can be downloaded from it. After extracting the downloaded archive, both the 32-bit and the 64-bit executables can be found inside it. For now we'll go with the 32-bit executable.
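
Because the download is reached through a search result, it is worth confirming that the extracted executables carry a valid Microsoft signature before running them. The PowerShell below is an added example, not part of the original post; the extraction folder and the `O=Microsoft Corporation` subject match are assumptions.

```powershell
# Added example: verify the extracted Process Explorer binaries before first run.
# $ExtractDir is an assumed path; point it at the folder the zip was extracted to.
param(
    [string]$ExtractDir = "$env:USERPROFILE\Downloads\ProcessExplorer"
)

function Test-SysinternalsBinary {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # 'Valid' means the file is unmodified since signing and the certificate
    # chains to a root this machine trusts.
    $validSig = $sig.Status -eq 'Valid'

    # A valid signature from another publisher is still not the official binary.
    # Matching on the O= field of the subject is an assumption of this example.
    $msSigner = [bool]($cert -and ($cert.Subject -match 'O=Microsoft Corporation'))

    [pscustomobject]@{
        File    = Split-Path $Path -Leaf
        Status  = $sig.Status
        Signer  = if ($cert) { $cert.Subject } else { '<unsigned>' }
        SHA256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Trusted = $validSig -and $msSigner
    }
}

# Check every Process Explorer executable in the folder (32-bit and 64-bit).
$results = Get-ChildItem -Path $ExtractDir -Filter 'procexp*.exe' |
    ForEach-Object { Test-SysinternalsBinary -Path $_.FullName }

$results | Format-List

if (-not $results -or ($results | Where-Object { -not $_.Trusted })) {
    Write-Warning 'At least one executable failed verification; do not run it.'
    exit 1
}
```

The script exits with a non-zero code when no matching executable is found or when any file is unsigned, tampered with, or signed by a different publisher.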

Opening Process Explorer and Finding the Files an Executable Is Using

Now we'll open WordPad, enter some random text, save it somewhere, and keep WordPad open.

Now let's open procexp.exe (Process Explorer 32-bit), where we can find wordpad.exe in the main window.

Now select View -> Lower Pane View -> Handles.

After selecting wordpad.exe, we notice that the lower pane lists multiple files in use by WordPad. Among them is the file we saved.

And that is how we find the files opened and used by a program.