Scott Hanselman

How to use Process Monitor and Process Explorer

June 20, '15 Comments [18] Posted in Screencasts

I was chatting with Phil Haack today about a weird little bug/feature we were seeing in GitHub for Windows. I don't have the source code for the application, but I wanted to explore what was going on and get some insight so I could give Phil a decent bug report.

He and I spent some time on Skype sharing screens today and he commented "we should be recording this." So I went back and did just that.

Please take a moment and Subscribe to my YouTube Channel here: http://youtube.com/shanselman

In this short video I remind folks how Procmon and ProcExp work, how powerful they are and I learn some interesting things about GitHub for Windows!

Let me know if you find short videos like these useful, and if you do, suggest topics in the comments!

Also, a reminder, if you've got non-technical family or friends who want help with Windows 8, give them a YouTube Playlist designed just for them! http://hanselman.com/windows8

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Saturday, June 20, 2015 9:35:25 AM UTC
Hi Scott,

Thanks for one more useful post. Just to add to it: http://processhacker.sourceforge.net/ is a free open source clone of Process Explorer which has all the exact features of Process Explorer and some polish on top of Process Explorer. I always feel why the "view dll"/"view handles" is not part of process properties dialog in Process Explorer. Fortunately Process Hacker does exactly that. Give it a shot; you may like it.
Saturday, June 20, 2015 9:53:17 AM UTC
ProcMon and ProcExp are some of the most useful debug tools for "not my code" problems... From working out where exactly Qt is looking for its plugins, to why on earth some option setting keeps getting forgotten, even though I KNOW I changed it...

I'll also add Dependency Viewer as it does give good insight on issues related to what DLLs are being found by an executable, what exports are missing etc.

Stuart Dootson
Saturday, June 20, 2015 4:33:07 PM UTC
Great post! Saw a bit of AWS in the procmon logs; I was expecting Azure. :)
Mike
Saturday, June 20, 2015 4:33:46 PM UTC
Nice and very helpful video.
Saturday, June 20, 2015 7:53:43 PM UTC
Nice video, Scott!

I would also recommend Mark Russinovich's series Case of the Unexplained which covers a lot of common debugging scenarios in Windows (application crashes and hangs, sluggish performance, BSoDs, etc.) using a variety of tools (including both Process Monitor and Process Explorer).
Lachlan Picking
Saturday, June 20, 2015 8:34:12 PM UTC
Hi Scott!
Thank you for doing these videos the way you do it. :) ProcMon and ProcExp are extremely useful tools and it's the right thing to promote it.
Grigory
Sunday, June 21, 2015 10:42:03 AM UTC
Thank you, Nice video.
Sunday, June 21, 2015 12:12:59 PM UTC
Interesting Video Scott! - Will come in very handy when debugging from now on :)
Sunday, June 21, 2015 5:33:00 PM UTC
Make more! Make more!
JanivZ
Monday, June 22, 2015 12:43:55 PM UTC
I learned something. Thanks!
Monday, June 22, 2015 6:39:25 PM UTC
Scott, you mentioned that you only scratched the surface with Process Explorer. What you've shown is pretty much the extent of my knowledge with procexp.exe, so by definition I only know the basics then.

I think a deep dive video would be instructive.
RobertG
Monday, June 22, 2015 11:59:40 PM UTC
Thanks for the video! :)

The Raymond Chen-style guess is that a mutex is registered by the GitHub.exe process so they can check to see if one is already running. The protocol handler sees the existing mutex that's owned by the frozen/broken GitHub.exe, but obviously doesn't know that other process is borked.
The "fix" would be to send the other process a Windows message and see if it was handled within a short period of time. If it's not then the UI is frozen and it can be assumed dead.

It should be noted that this is one of those times where a reboot would have fixed the issue but we'd all be the poorer for it since we wouldn't have had the nice walkthrough of process monitor/explorer :)

As for the mutex theory, I think procexp will show such mutexes in its handles list. I do something similar in a part of our software where we sometimes want just one copy but also need multiple copies if they're launched with particular command-line arguments.
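
The single-instance check and liveness probe described in the comment above, as an added example that is not part of the original post and is not GitHub for Windows' code. The mutex name `Local\ExampleApp-SingleInstance`, the process name `ExampleApp` and the 500 ms timeout are hypothetical.

```powershell
# Added example. P/Invoke declaration for the real user32 SendMessageTimeout API.
Add-Type -Namespace Demo -Name Win32 -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr SendMessageTimeout(
    IntPtr hWnd, uint Msg, UIntPtr wParam, IntPtr lParam,
    uint fuFlags, uint uTimeout, out UIntPtr lpdwResult);
'@

function Test-WindowResponds {
    # Sends WM_NULL (a no-op message) and waits at most $TimeoutMs for the
    # target's message loop to process it. A return of zero means the call
    # timed out or failed, i.e. the UI thread is not pumping messages.
    param([IntPtr]$Handle, [uint32]$TimeoutMs = 500)
    $WM_NULL = 0x0000
    $SMTO_ABORTIFHUNG = 0x0002
    $result = [UIntPtr]::Zero
    $ret = [Demo.Win32]::SendMessageTimeout(
        $Handle, $WM_NULL, [UIntPtr]::Zero, [IntPtr]::Zero,
        $SMTO_ABORTIFHUNG, $TimeoutMs, [ref]$result)
    return $ret -ne [IntPtr]::Zero
}

$mutexName  = 'Local\ExampleApp-SingleInstance'   # hypothetical name
$createdNew = $false
# createdNew is $false when another process already created the named mutex.
$mutex = New-Object System.Threading.Mutex($false, $mutexName, [ref]$createdNew)
try {
    if ($createdNew) {
        'No other instance holds the mutex: this one is the primary.'
    } else {
        # The mutex only proves another instance exists, not that it is healthy.
        $other = Get-Process -Name 'ExampleApp' -ErrorAction SilentlyContinue |
            Where-Object { $_.MainWindowHandle -ne [IntPtr]::Zero } |
            Select-Object -First 1
        if ($other -and (Test-WindowResponds $other.MainWindowHandle)) {
            'Existing instance answered WM_NULL: hand the request to it.'
        } else {
            'Mutex exists but its owner is hung or has no window: treat it as dead.'
        }
    }
} finally {
    # A real application would keep the handle open for its whole lifetime.
    $mutex.Dispose()
}
```

While the script is running, the named mutex appears in Process Explorer's handle view for the owning process as a handle of type Mutant.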
Tuesday, June 23, 2015 12:24:09 PM UTC
Thanks Scott! Useful as always.
Joerg Pichler
Tuesday, June 23, 2015 2:01:34 PM UTC
Too funny, I ran into this same issue the other day. I launched GitHub manually and it was then able to open in GitHub for Windows. I came to the wrong conclusion that I must have to have it opened for it to work. Glad to see you didn't make the same assumption!
Jamy Ryals
Thursday, June 25, 2015 2:44:50 AM UTC
I had the same issue using Windows GitHub from my corporate laptop so I thought that maybe the "company firewall" was just blocking something between Chrome and GitHub. Glad to see you going deep with the issue and posting this video. Really enjoy the live.sysinternals.com tip to execute them from the run bar. Please keep sharing!
Friday, June 26, 2015 2:29:21 PM UTC
Thanks so much for this. The day after watching this video I was able to solve a vexing problem with a barcode printer that previously required every user to change the printer's margins under Printing Preferences when they first logged in. Of course nobody ever did it right despite a popup message alerting them, Post-Its all over the monitor, etc. Using Process Monitor I was able to figure out which registry key was being changed, then wrote a quick Console Application that updates the registry key on login. I was able to make the workload a little easier for 100+ employees.
Other video love-to-sees:
- Tips for debugging with Visual Studio beyond just breakpoints, especially with ASP.NET MVC, because it's not as straightforward when examining JavaScript.
- How to learn how a website does something cool, like if you encounter some neat technique on a site, ways to examine the JavaScript and CSS to see what they're doing.
- Real-world tips where the best way to do something isn't really the textbook approach but works better in real-life.
- IIS tips. I know a lot of developers like me have to stumble through IIS configurations because we don't have a dedicated server person to help with it.
- Other useful tools in your development toolchest and quick overviews on how to use them, even if they're not necessarily MS tools, like Git, HTTrack.
- Interviews with or discussions of developer blogs you find interesting.
- State of the industry or interesting developments coming in the future.
- Thoughts on products like Oculus Rift, or Minecraft especially in light of MS's acquisition of it.
James
Friday, July 03, 2015 1:24:14 PM UTC
Great job!
googler
Wednesday, July 08, 2015 5:07:25 PM UTC
All Sysinternals tools are very useful, and I consider procmon/procexp mandatory for Windows developers and I miss any for un*x. Because these tools make you 10x more productive. There are trace tools but they aren't very useful compared to procmon. ps is useless compared to procexp, etc.
ununix

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.