ETW monitoring adds disk and network I/O statistics, and requires administrative privileges. You can access system-wide performance graphs from View > System Information. Process statistics can be viewed from the Disk and Network process property page. Disk and network columns are also added for processes and network connections (but will only function when Process Hacker is elevated). You can enable/disable ETW monitoring from the plugin options.
ETW monitoring also includes a Disk tab in the main window, which shows files recently accessed that have caused disk I/O. You can double-click a file (or press Enter) to open its containing folder in Windows Explorer.
On Windows 7 and above, GPU monitoring is enabled by default. This information is also available from View > System Information.
Memory list information can be viewed from View > Memory Lists, and is the same as the "Paging Lists" in Process Explorer's System Information Memory tab. You can also empty memory lists by clicking the Empty button.
If you open process properties for a service process and you right-click on a module and select Services, you can see a list of services referencing that module:
You can view the DLLs a process has unloaded by selecting Miscellaneous > Unloaded Modules from the process context menu:
WS Watch allows you to monitor page faults:
Other features include:
- Object properties are provided for ALPC ports and worker factory objects (TpWorkerFactory).
- You can cancel a thread's synchronous I/O by right-clicking a thread and selecting Cancel I/O.