Whether you need to perform diagnostics on a program or if you need to see what a suspected malware program is doing, you can use Process Explorer to essentially put the program on pause while you look at what it is doing.
无论是需要对程序执行诊断,还是需要查看可疑的恶意软件程序在做什么,都可以使用Process Explorer在查看程序运行时将其暂停。
You might be wondering why you would want to suspend a process, and the answer is simple: if you need to do some work but a process is running away with the CPU, you can suspend the process and then resume when you are done with whatever else you need to do. You can also use it to suspend suspected malware so you can investigate it.
您可能想知道为什么要挂起一个进程,答案很简单:如果您需要做一些工作,但是一个进程正在用CPU耗尽,则可以挂起该进程,然后在完成任何操作后继续执行否则您需要做。 您还可以使用它来挂起可疑的恶意软件,以便对其进行调查。
什么是Process Explorer? (What is Process Explorer?)
Process Explorer is a very comprehensive task managing application that displays everything from executable files locations, program handles, and any associated DLL processes that are opened. This program provides you with a wide range of options for information. It lists the active processes, as well as the accounts running them. In addition to this, depending on whether you are running the program in handle or DLL mode, you may have a second lower pane on the window with all the handle and DLL information.
Process Explorer是一个非常全面的任务管理应用程序,它显示可执行文件位置,程序句柄以及打开的所有相关DLL进程中的所有内容。 该程序为您提供了广泛的信息选项。 它列出了活动进程以及运行它们的帐户。 除此之外,根据您是在句柄还是DLL模式下运行程序,窗口上可能还有第二个下部窗格,其中包含所有句柄和DLL信息。
In addition, there is a powerful search function that allows you to search through handles, DLL’s, and any associated information. It is a great tool to replace the traditional Windows Task Manager.
此外,还有一个强大的搜索功能,使您可以搜索句柄,DLL和任何相关信息。 它是替代传统Windows Task Manager的绝佳工具。
下载并运行Process Explorer (Downloading and Running Process Explorer)
If you don’t already have Process Explorer, you can download it from Microsoft’s System Internals page, extract the zip file, and then double-click on procexp.exe — although you should really right-click and choose Run as Administrator for best results.
如果您还没有Process Explorer,则可以从Microsoft的System Internals页面下载它,解压缩该zip文件,然后双击procexp.exe-尽管您应该右键单击并选择以管理员身份运行以获得最佳效果。 。
And since you don’t want to have to right-click and choose administrator mode every time, you can right-click, choose Properties, and then Compatibility, and then click on the checkbox for Run this program as administrator.
而且,由于您不必每次都右键单击并选择管理员模式,因此可以右键单击,依次选择“属性”和“兼容性”,然后单击“以管理员身份运行此程序”复选框。
Once you’ve done so, open up Process Explorer and click through the UAC prompt if you see one.
完成后,打开Process Explorer并单击UAC提示符(如果看到)。
暂停(挂起)或恢复进程 (Pausing (Suspending) or Resuming a Process)
Simply find the process in the list that you’d like to suspend, right-click, and choose Suspend from the menu.
只需在列表中找到您要暂停的过程,右键单击,然后从菜单中选择“暂停”即可。
Once you’ve done so, you’ll notice that the process shows up as suspended, and will be highlighted in dark gray.
完成此操作后,您会注意到该过程显示为已暂停,并以深灰色突出显示。
To resume the process, right-click on it again, and then choose to resume it from the menu.
要恢复该过程,请再次右键单击它,然后从菜单中选择恢复它。
This, of course, only begins to tap the power of Process Explorer. Be sure to read our SysInternals series for a lot more details about how to use it.
当然,这只是开始利用Process Explorer的功能。 请务必阅读SysInternals系列,以获取有关如何使用它的更多详细信息。
655
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
