Scott Hanselman

How to use Process Monitor and Process Explorer

June 20, 2015 Comment on this post [18] Posted in Screencasts
Sponsored By

I was chatting with Phil Haack today about a weird little bug/feature we were seeing in GitHub for Windows. I don't have the source code for the application, but I wanted to explore what was going on and get some insight so I could give Phil a decent bug report.

He and I spent some time on Skype sharing screens today and he commented "we should be recording this." So I went back and did just that.

Please take a moment and Subscribe to my YouTube Channel here: http://youtube.com/shanselman

In this short video I remind folks how Procmon and ProcExp work, how powerful they are and I learn some interesting things about GitHub for Windows!

Let me know if you find short videos like these useful, and if you do, suggest topics in the comments!

Also, a reminder, if you've got non-technical family or friends who want help with Windows 8, give them a YouTube Playlist designed just for them! http://hanselman.com/windows8

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook bluesky subscribe
About   Newsletter
Hosting By
Hosted on Linux using .NET in an Azure App Service
June 20, 2015 13:35
Hi Scott,

Thanks for one more useful post. Just to add to it. http://processhacker.sourceforge.net/ is a free open source clone of Process explorer which has all the exact features of process explorer and some polish on top of process explorer. I always feel why the "view dll"/"view handles" is not part of process properties dialog in process explorer. Fortunately Process hacker does exactly that. Give it a shot you may like it.
June 20, 2015 13:53
ProcMon and ProcExp are some of the most useful debug tools for "not my code" problems... From working out where exactly Qt is looking for its plugins, to why on earth some option setting keeps getting forgotten, even though I KNOW I changed it...

I'll also add Dependency Viewer as it does give good insight on issues related to what DLLs are being found by an executable, what exports are missing etc.

June 20, 2015 20:33
Great post! Saw a bit of AWS in the procmon logs; I was expecting Azure. :)
June 20, 2015 20:33
Nice and very helpful video.
June 20, 2015 23:53
Nice video, Scott!

I would also recommend Mark Russinovich's series Case of the Unexplained which covers a lot of common debugging scenarios in Windows (application crashes and hangs, sluggish performance, BSoDs, etc.) using a variety of tools (including both Process Monitor and Process Explorer).
June 21, 2015 0:34
Hi Scott!
Thank you for doing these videos the way you do it. :) ProcMon and ProcExp are extremely useful tools and it's the right thing to promote it.
June 21, 2015 14:42
Thank you, Nice video.
June 21, 2015 16:12
Interesting Video Scott! - Will come in very handy when debugging from now on :)
June 21, 2015 21:33
Make more! Make more!
June 22, 2015 16:43
I learned something. Thanks!
June 22, 2015 22:39
Scott, you mentioned that you only scratched the surface with Process Explorer. What you've shown is pretty much the extent of my knowledge with procexp.exe, so by definition I only know the basics then.

I think a deep dive video would be instructive.
June 23, 2015 3:59
Thanks for the video! :)

The raymond chen style guess is that a mutex is registered by the GitHub.exe process so they can check to see if one is already running. The protocol handler sees the existing mutex that's owned by the frozen/broken GitHub.exe, but obviously doesn't know that other process is borked.
The "fix" would be to send the other process a Windows message and see if it was handled within a short period of time. If it's not then the UI is frozen and it can be assumed dead.

It should be noted that this is one of those times where a reboot would have fixed the issue but we'd all be the poorer for it since we wouldn't have had the nice walkthrough of process monitor/explorer :)

As for the mutex theory, I think procexp will show such mutexes in its handles list. I do something similar in a part of our software where we sometimes want just one copy but also need multiple copies if they're launched with particular command-line arguments.
June 23, 2015 16:24
Thanks Scott! Useful as always.
June 23, 2015 18:01
Too funny, I ran into this same issue the other day. I launched github manually and it was then able to open in github for windows. I came to the wrong conclusion that I must have to have it opened for it to work. Glad to see you didn't make the same assumption!
June 25, 2015 6:44
I had the same issue using Windows Github from my corporate laptop so I though that maybe the "company firewall" it was just blocking something between Chrome and Github. Glad to see you going deep with the issue and posting this video. Really enjoy the live.sysinternals.com tip to execute them from the run bar. Please keep sharing!
June 26, 2015 18:29
Thanks so much for this. The day after watching this video I was able to solve a vexing problem with a barcode printer that previously required every user to change the printer's margins under Printing Preferences when they first logged in. Of course nobody ever did it right despite a popup message alerting them, Post-Its all over the monitor, etc. Using Process Monitor I was able to figure out which registry key was being changed, then wrote a quick Console Application that updates the registry key on login. I was able to make the workload a little easier for 100+ employees.
Other video love-to-sees:
- Tips for debugging with Visual Studio beyond just breakpoints, especially with ASP.NET MVC, because it's not as straightforward when examining Javascript.
- How to learn how a website does something cool, like if you encounter some neat technique on a site, ways to examine the Javascript and CSS to see what they're doing.
- Real-world tips where the best way to do something isn't really the textbook approach but works better in real-life.
- IIS tips. I know a lot of developers like me have to stumble through IIS configurations because we don't have a dedicated server person to help with it.
- Other useful tools in your development toolchest and quick overviews on how to use them, even if they're not necessarily MS tools, like Git, HTTrack.
- Interviews with or discussions of developer blogs you find interesting.
- State of the industry or interesting developments coming in the future.
- Thoughts on products like Oculus Rift, or Minecraft especially in light of MS's acquisition of it.
July 03, 2015 17:24
Great job!
July 08, 2015 21:07
All sysinternal tools are very useful, and I consider procmon/procexp mandatory for windows developers and I miss any for un*x. Because these tools make you 10x more productive. There's trace tools but they aren't very useful compared to procmon. ps is useless compared to procexp, etc.

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.