ProMo
The advanced Task Manager for Windows
Version 1.0

r33d me


Terminating Processes
~~~~~~~~~~~~~~~~~~~~~

Ok, listen up - ProMo will terminate any process and it will delete any
file, and it will not hesitate to kill system processes or services. And
it will NOT prompt. Pressing the delete button while having a process
selected will cause this process to be terminated - without prompting.
So just be careful and know what you are doing, I am not responsible if
your precious IIS server bites the dust because you terminated winlogon.


The Process List
~~~~~~~~~~~~~~~~

The process list lists all processes and provides information about
them. The first column always contains the name of the process and the
icon of the executable if an icon has been extracted. Otherwise, the
icon is replaced with the standard icon for Windows executables, the
empty little window. Further columns:

- Bits: This column can only contain two values - either 32 or 16. The
  column specifies whether a process is a 32-bit or a 16-bit task.
  16-bit applications are becoming rare and usually you will only have
  32-bit applications running on a rather modern computer.

- Path to Executable: This column obviously displays the path to the
  executable file that created the process. The pathname is obtained by
  analysing the primary module of a process, which is the executable
  file of the process.

- PID: Stands for Process ID. This is a unique number used by the OS to
  identify a process. The system process on Windows machines usually
  has a PID of 8.

- Handle: This is the handle to the process obtained by ProMo, it is
  available just for information purposes and, in fact, does not make
  much sense. But the hexadecimal number looks nice and so I decided to
  leave it as an option ...

- Time: This value displays the amount of time that has elapsed since
  the process was started. It is not the CPU time. It is actually the
  time that passed since the task was started.

- RAM Usage: This value shows the working set size of the process in
  kilobytes (units of 1024 bytes), which represents the number of pages
  that have been loaded into memory by this process. This value
  illustrates how much RAM a certain task consumes.

- RAM for this process: Shows the minimum and maximum working set size
  of a certain process. This is the amount of memory that is available
  to the process.

- Errors: This number specifies the number of page faults that have
  originated from a certain process. A page fault occurs when the
  process attempts to write to a section in the virtual memory that is
  not available, or if the process attempts to read from there. In this
  case, the information has to be read from HD.

- Paged Pool Usage: This is the amount of virtual memory that is used
  by the process and that can be moved to other devices, such as the
  HD.

- Nonpaged Pool Usage: This is, of course, the opposite of paged pool
  usage. The nonpaged pool is virtual memory that is never moved to
  other devices.

- Virtual Memory: This is the complete amount of virtual memory used by
  the process.

- Threads: This is the number of threads started by the process. A
  thread is a task that is currently being executed by the process -
  since processes sometimes have to execute several tasks
  simultaneously, most applications work multithreaded, which means
  that the process obtains more than one thread.

- Modules: This is the number of modules loaded by the process. A
  module is either an executable or a DLL (dynamic link library) which
  provides functions that can be executed by the process.
  The first module loaded by a process is always the executable that
  started the process, and under Windows, a process usually also loads
  modules like Kernel32.dll and Shell32.dll which contain essential
  functions to perform Windows-related tasks.

- Priority: This value specifies the priority of a process, which is
  the base priority of all threads created by the process. The priority
  of a thread specifies in which order the CPU handles the respective
  tasks performed by the threads.

Once you click an item in the Process List, the Process Menu will pop
up. Please refer to the next section for more information. A process
listed in the process list will be terminated as soon as you press the
DEL button on your keyboard while it is selected. Pressing the F5 button
will have the same effect as selecting the Refresh Now option in the
Options Menu.


Process Details
~~~~~~~~~~~~~~~

The tree view list displays diverse information about a process, its
modules, threads and about the windows that have been created by the
respective threads. At first, general information about the process is
listed - the path to the executable that created the process, its
priority and how many page file errors it has already caused. All this
information can be copied to your clipboard, as well as any other entry
within the list. However, the different items in the list will pop up
different menus when you right-click them:


Process Menu:
~~~~~~~~~~~~~

The root item of the tree represents the process itself - if you
right-click this item, a menu with several options will show up. This
menu is the same menu that will appear if you right-click a process in
the Process List or if you select the "Process" entry from the main
window.

Terminating a process means that all threads started by this process
are terminated and that all windows created by these threads are
destroyed, the process will not perform any more tasks.
You can also choose to delete the executable that created the process
after having terminated it.

Showing the process details means that all modules used by this
process, all threads created by it and all windows created by these
threads are enumerated and listed in the Tree View control.

If you copy the path to the executable, the pathname will be copied as
plain text to your clipboard. The options to copy the file, open the
parent folder and display the file properties are the same options as
the ones available for the modules, but they will affect the executable
that created the process (this executable is actually the first module
loaded by the process).

The final entry will open the Select Columns dialog that allows you to
alter the columns in the and clicking the appropriate entry. For more
information about process priorities, please refer to the Process List
documentation.


Module Menu:
~~~~~~~~~~~~

This menu shows up when you have selected an item that represents a
module loaded by the process. You can copy the name of the module to
your clipboard and you can also copy the file itself to your clipboard,
which will allow you to paste the file anywhere using the explorer. The
option to open the parent folder will open a new explorer window which
shows the folder that the file can be found in, and the option to
display file properties will also display the standard explorer dialog
for showing file properties.


Window Menu:
~~~~~~~~~~~~

This menu shows up when you have selected an item that represents a
window created by some thread that belongs to the process. You can copy
the caption of the list entry to your clipboard - this caption is not
always the caption of the selected window, as some windows do not have
any caption and as the list entry's caption also includes the classname
of the window.

The options to minimize, maximize and close the window equal clicking
the appropriate icons in a usual window's title bar.
Restoring the window is only possible if the window has been minimized
to the system tray, and making use of this option is the same as
clicking the iconic version of the window displayed on the system tray.
Activating the window means that ProMo attempts to show the window and
bring it to the foreground.

Renaming the window will allow you to edit the window's caption in the
Tree View list directly and after having done this, the window will
also be renamed. This can have an effect on the visual appearance of
the window as it will change toplevel window's title bar captions etc.

The last three entries are checkbox-like options that can be turned on
and off for each window. Windows that are "topmost" will be displayed
on top of all other windows when they are not iconic (minimized).
Windows can be visible or hidden, just as the name says - and a window
can also be disabled, which will prevent you (the user) from altering
the window in any way. A disabled textbox, for instance, will usually be
displayed with a grey background and it will not react when you attempt
to select it.


The Status Bar
~~~~~~~~~~~~~~

Only the first two status bar items might not be clear: The first one
should display "PSAPI" and the second one should display "THAPI" if
everything is alright. PSAPI stands for Process Status API and THAPI
stands for Tool Helper API. Both are sets of functions that can be
loaded from the dynamic link libraries psapi.dll and kernel32.dll - if
both APIs are available, ProMo can work at its best, and otherwise, its
functionality is limited.

The second status bar item displays the number of processes that are
currently running on the system and the third one displays the RAM
usage of all processes together. The last status bar panel is used for
information purposes, it displays whether an action has been completed
successfully or an error occurred.


Find Window
~~~~~~~~~~~

This feature of ProMo allows you to search for a window in order to
display the process that created it and the position in the process'
details (this will show you which thread created the window, what its
parent window is and it will allow you to perform operations on the
window using ProMo).

The easiest way to search for a window is using the visual search that
allows you to drag your cursor onto the window you want to detect.
While dragging the cursor, you will see the icon of the window that you
have currently selected, its caption and its window class name. If you
cannot search for the window by using the visual search, you can also
insert the window caption and optionally the window's class name to
detect it.
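

An added example, not part of ProMo or of the original readme: a
PowerShell sketch that rebuilds most of the columns described under
"The Process List" from the standard Get-Process and Win32_Process
objects, which is handy when triaging a host without a GUI. The function
name Get-ProcessColumns and the mapping of ProMo's column names to these
properties are assumptions.

```powershell
# Added example (not ProMo code). The column-to-property mapping is an assumption.
function Get-ProcessColumns {
    # Get-Process does not expose page-fault counts; take them from CIM, keyed by PID.
    $faults = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $faults[[int]$_.ProcessId] = $_.PageFaults }

    foreach ($p in Get-Process) {
        # Protected or already-exited processes refuse handle-based queries,
        # so each of these reads falls back to $null instead of aborting the listing.
        $path = $null; $start = $null; $modules = $null; $prio = $null
        try { $path    = $p.Path }          catch { }
        try { $start   = $p.StartTime }     catch { }
        try { $modules = $p.Modules.Count } catch { }
        try { $prio    = $p.PriorityClass } catch { }

        [pscustomobject]@{
            Name          = $p.ProcessName
            PID           = $p.Id
            Path          = $path                                   # Path to Executable
            Elapsed       = if ($start) { (Get-Date) - $start } else { $null }  # Time
            WorkingSetKB  = [math]::Round($p.WorkingSet64 / 1KB)    # RAM Usage
            PageFaults    = $faults[$p.Id]                          # Errors
            PagedPoolKB   = [math]::Round($p.PagedSystemMemorySize64 / 1KB)
            NonpagedKB    = [math]::Round($p.NonpagedSystemMemorySize64 / 1KB)
            VirtualMB     = [math]::Round($p.VirtualMemorySize64 / 1MB)
            Threads       = $p.Threads.Count
            Modules       = $modules
            Priority      = $prio
        }
    }
}

# Largest working sets first, similar to sorting the list by RAM Usage.
Get-ProcessColumns |
    Sort-Object WorkingSetKB -Descending |
    Select-Object -First 15 |
    Format-Table Name, PID, WorkingSetKB, PageFaults, Threads, Modules, Path -AutoSize
```

Rows with an empty Path or Modules value are processes the current
account could not open; run the listing elevated to fill them in.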