Process Hacker Discussion Forum

User avatar
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows


13 Jul 2011 00:54

The ExtendedTools plugin requires Windows Vista or above, and adds various features that are not available on Windows XP.

ETW monitoring adds disk and network I/O statistics, and requires administrative privileges. You can access system-wide performance graphs from View > System Information. Process statistics can be viewed from the Disk and Network process property page. Disk and network columns are also added for processes and network connections (but will only function when Process Hacker is elevated). You can enable/disable ETW monitoring from the plugin options.

ETW monitoring also includes a Disk tab in the main window, which shows files recently accessed that have caused disk I/O. You can double-click a file (or press Enter) to open its containing folder in Windows Explorer.
Disk Tab.png
On Windows 7 and above, GPU monitoring is enabled by default. This information is also available from View > System Information.

Memory list information can be viewed from View > Memory Lists, and is the same as the "Paging Lists" in Process Explorer's System Information Memory tab. You can also empty memory lists by clicking the Empty button.
Memory Lists.png
Memory Lists.png (15.78 KiB) Viewed 15455 times
If you open process properties for a service process and you right-click on a module and select Services, you can see a list of services referencing that module:
Module Services.png
You can view the DLLs a process has unloaded by selecting Miscellaneous > Unloaded Modules from the process context menu:
Unloaded Modules.png
WS Watch allows you to monitor page faults:
WS Watch.png
Other features include:
  • Object properties are provided for ALPC ports and worker factory objects (TpWorkerFactory).
  • You can cancel a thread's synchronous I/O by right-clicking a thread and selecting Cancel I/O.