RE: See processes in windows

  • From: Yong Huang <yong321@xxxxxxxxx>
  • To: tanel@xxxxxxxxxx, Chris.Taylor@xxxxxxxxxxxxxxx
  • Date: Thu, 23 Apr 2009 15:09:03 -0700 (PDT)

Older versions of Process Explorer has both procexp.exe and procexe.sys. The 
new version (>= 10?) doesn't have the driver file, but it seems to be bundled 
into procexp.exe.

Yong Huang

---------- Tanel Poder wrote ----------

I took a Windows internals & troubleshooting training by Mark Russinovich &
David Solomon few years ago and Mark mentioned both procexp/procmon install
a kernel driver and yes its done dynamically (that's actually what I meant
by "installing" - the loading of the driver). I haven't verified it myself,
I think I can believe the word of the author of that tool :)

Niall, tlist.exe is not written by sysinternals, you may be confusing it
with pslist.exe which is written by them.

Tanel.

>
> And indeed its from the same developers as tlist!
>
> On 4/22/09, Taylor, Chris David <Chris.Taylor@xxxxxxxxxxxxxxx> wrote:
> > Fyi Process Explorer doesn't install a kernel driver, unless its
> > dynamic at runtime (AFAIK).  It doesn't have an install routine, you
> > just unzip and run the exe.  It's possible/likely that it uses some 
> > type of 'hook' into the system, but if so, its using dlls and such that
> > are already installed/registered.


      
--
//www.freelists.org/webpage/oracle-l


Other related posts: