Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Task Manager Extension 2.0

0.00/5 (No votes)
22 Jan 2007 17  
Task Manager Extension. This is a Windows Task Manager (NT/2000/XP/2003) plug-in. It adds lots of useful features to the standard Task Manager. It can show process modules, memory map, used handles, open files, file properties and a lot of other info!

Contents

Introduction

Back to contents

The Task Manager Extension (TaskManagerEx) is a plug-in for Windows' built-in Task Manager. It expands the basic functionality and gives a powerful control over running processes. Task Manager Extension can show process modules, process memory map, used kernel handles, opened files, file properties, and lots of other info! It is very useful in many situations.

Here you can see the Task Manager window with the Task Manager Extension plug-in loaded:

Task Manager Extension: Process context menu (Process operations)    Task Manager Extension: Main Task Manager Menu

The Task Manager Extension shows more processes, adds lots of useful items to process the context menu, adds a new "Extension" submenu to the main window menu, and so on...

Changes

Back to contents

Changes in version 2.1:

  • Added Visual Studio 2005 compile compatibility
  • Fixed bug with multiple Task Manager windows
  • Reduced splash screen show time from 3 seconds to 1 second
  • Added Service list to Process Information dialog
  • Added Command Line, Environment information to Process Information dialog
  • Fixed Process Information dialog resize bug
  • Fixed "Always on top" option bug
  • Tip Of The Day is now hidden by default
  • Removed multi-byte characters bug (for file and kernel object names)
  • Added Uninstall feature (TaskManagerEx.exe command line option).
  • WARNING! Couldn't remove bug with drawing (sometimes dialog with listview creates with a garbage on it)... (it happens since the original version 1.0)

Changes in version 2.0:

  • View process threads.
  • View memory map.
  • Edit process security.
  • View process basic information.
  • View process executable dependencies (depends.exe from MS VC++ 6 must be run at least once before).
  • Process executable file properties.
  • View module file properties.
  • View loaded drivers.
  • Edit object security.
  • Find object by part of its name.
  • Options: Start Task Manager Extension with Windows.
  • Russian localization.
  • Lots of bugs removed.
  • Lots of new small features added.

Features (from original version):

  • Show Application icons in Process list (if available).
  • Use different color for services.
  • Find a used file by any process. (Use * as file name for showing every used file.) (The search is a full text search, so for example you can use the extension only.)
  • Find a used module by any process. (The search is a full text search, so for example you can search for "kernel".)
  • Show Process ID in Applications tab.
  • Use different color for processes if the CPU usage reaches a given limit (25%, 50%, 75%).
  • Query list of every file, handle, module, window used by a given process.
  • Close a used file (you can unlock an exclusively opened file, so you can delete it).
  • Unload a used module (so you can delete it).
  • You can kill services too.
  • End process swiftly: just press DEL key!

Compatibility

Back to contents

The Task Manager Extension (TaskManagerEx) runs fine on Windows 2000, Windows XP, Windows 2003.

It doesn't work on any Windows 9x, Windows NT, or any Windows x64. I also tested the Task Manager Extension with Windows Vista, but it didn't work. I do not see a simple way to improve Task Manager Extension to work with Vista's Task Manager... :-(

Currently, two languages are supported - English and Russian. But it will work with any other localized Windows. In the Russian version of Windows, the Task Manager Extension shows all menus' captions and etc. in Russian language. It looks very native, when all user interfaces use a common language.

It is expected from the user to have Administrator rights while using the Task Manager Extension. Without these rights, some functions may not work or may work slowly.

Using Task Manager Extension

Back to contents

Warning

Back to contents

Warning! The Task Manager Extension can be very dangerous for your system! You must be sure what you are doing with the system internals! If you terminate some system thread, unload a library, or close an important handle, you may crash your system. Use the Task Manager Extension at your own risk!

Compiling

Back to contents

It is necessary to have the modern Platform SDK while compiling the Task Manager Extension on Visual Studio 6.0 (VC++ 6.0). You can download the February 2003 Windows Server 2003 PSDK Full Download with Local Install from here.

Visual Studio .NET doesn't need an extra SDK and is fully supported since this version of Task Manager Extension. You will be prompted to convert workspace and project files from 6.0 format.

Only two projects are necessary to compile the Task Manager Extension:

  • TaskManagerEx
  • TaskManagerExDll

You can compile the ANSI or Unicode version of the Task Manager Extension. Both should work.

Installation

Back to contents

The Task Manager Extension doesn't need a special installation:

  • Copy TaskManagerEx.exe and TaskManagerExDll.Dll to any folder on your computer.
  • Run TaskManagerEx.exe.
  • Run Task Manager by pressing Ctrl+Shift+Esc or by Ctrl+Alt+Del and selecting Task Manager (on Windows XP, Ctrl+Alt+Del loads the Task Manager immediately).

The Task Manager should have extended functionality now!

You can make the TaskManagerEx.exe to start during logon: select menu Extension\Options, check "Run during Windows logon" on appeared dialog and press OK.

Uninstall

Back to contents

You can run the TaskManagerEx.exe /clean command. It will unload and unregister the Task Manager Extension completely! TaskManagerEx.exe and TaskManagerExDll.Dll will remain on the disk. This operation is equal to the following operations:

  • Unregister TaskManagerEx.exe from running during Windows logon.
  • Unload TaskManagerEx.exe.
  • Restart existing Task Manager to unload TaskManagerExDll.Dll.

Hint! Try TaskManagerEx.exe /? to view all supported command line arguments!

Use Cases

Back to contents

There are lots of cases when the Task Manager Extension is very useful. Some of them are described below.

First of all, I want to say that the Task Manager Extension gives the Task Manager some extra security permissions so it may stop processes that generated "Access denied." before! You can view and terminate even processes that run services.

Detecting process service list, command line and environment

Back to contents

With the Task Manager Extension you can get the command line for any process in the system. You should only use the process context menu item "Information...".

Task Manager Extension: Process Information

You can also detect what Services are running in the selected process. It is useful when one of SVCHOST.EXE (or some other service executable) eats 100% of your CPU and you don't know what service is guilty.

Deleting blocked files: looking for used file or module

Back to contents

Sometimes file deleting is impossible. You may want to delete a file that is opened by some application. May be you are developing a hook DLL (or COM component) and you can't delete it because your DLL is loaded into some processes. In such cases, you can select a Task Manager main menu item "Extension/Find used file..." or "Extension/Find used module...".

Task Manager Extension: Find Used File

This dialog will help you find all the processes that use a specified file or executable module. You just enter a part of file, folder, or module, and press Enter. The special value "*" matches all files (or modules). Note that loaded modules may not be opened as files and vice versa! So the "Find used file..." dialog will not find the loaded modules. The user-entered string is searched in the whole path of the file.

Antivirus and anti-trojan protection

Back to contents

Sometimes, a firewall may alert you with a question about a network activity of a process. Sometimes you can see some strange process in Task Manager that is unknown to you or eats 90-100% of your CPU. With the Task Manager Extension you can simply check lots of information about suspicious processes.

First of all, you can check file information (it is usually shown through the "Properties" item of file context menu). The Task Manager Extension gives you the corresponding process context menu item. All Windows built-in modules have the correct VS_VERSION_INFO structure in its resources.

Task Manager Extension: File Properties

If an executable module is located in the Windows folder and there is no Version tab at all, or the vendor is not Microsoft, then there is a big probability that the selected module is a virus. Viruses usually don't contain the correct Windows version information because their author doesn't know what version of Windows you would use.

The second way to get important information about a process is the "Modules..." item of the context menu. It is especially important for RUNDLL32.EXE or RUNDLL.EXE processes. These processes are Microsoft EXE-files (with correct version info) that are written specially to run other DLLs.

Task Manager Extension: Process Module List

In this dialog, you can directly view any module file properties using the context menu. If the process seems to be an internal Windows process, then all of its modules usually lay in Windows folder and have version information that correlates with the version of your Windows. There are a few exclusions: Windows Hook DLLs may be loaded anywhere (it may be a DLL from your mouse driver, multimedia keyboard driver, Lingvo loader, etc.). Some DLLs may be also located in correct Microsoft folders like "C:\Program Files\Common Files\Microsoft Shared".

These are the basics of anti-virus war on your computer. My experience shows that end-users will always find a new and unexpected way of using my program. :-)

Debugging: library usage

Back to contents

You can see the process module list through the "Modules..." item of the process context menu.

Task Manager Extension: Module List (debugging)

You should pay your attention to the "Usage" column. It contains library usage counter. It increments during the LoadLibrary() call and decrements during the FreeLibrary(). "Fixed" modules are the main executable modules and all libraries that are statically linked to it. These libraries do not increment their counters and are never unloaded. You can increment or decrement the usage counter by the module context menu. When the counter goes to zero, the library is unloaded automatically. Be careful!

Debugging: kernel object usage

Back to contents

You can see all your handles using the "Handles..." item of the process context menu.

Task Manager Extension: Process Handle List

Here, you can see all the process handles to various kernel objects. Some of them have names and you can see them. You can view and edit object security information. Most of the objects support special operations through their context menu. However, every handle supports its closing.

If you want to see opened files only, then you'd better choose the "Files..." process context menu item. It is the same, but it filters to show file objects only.

Other Task Manager Extension screenshots

Back to contents

Task Manager Extension: Process Handle Operations

Task Manager Extension:

Task Manager Extension: Process Module Operations

Conclusion

History

Back to contents

Four years ago, I found TaskManagerEx. I got it without any sources and used it for a long time. It was good enough, but I always wanted a bit more from that utility. I wanted Task Manager Extension to have some additional features when I accidentally found Zoltan's article on CodeGuru with sources (CodeGuru: Task Manager Extension). I spoke with Zoltan and wrote a new version of the Task Manager Extension. It was based on its public sources. While developing and refactoring old code, there was always one big question: how Zoltan could write it 5(!) years ago? There were no information about lots of undocumented features. I have now some of these info, but he wrote and debugged his code an eternal period ago! It was a really great job, Zoltan!

When I was writing version 2.1, I suddenly found the Windows 2000 sources. I looked at them and found the Task Manager sources. How exciting it was to see all those constants and logic, that we reverse engineered with IDA, Spy++, etc... It was nice to verify that the Task Manager Extension uses one of the most correct ways to hack the Windows Task Manager.

Analogs

Back to contents

After writing Task Manager Extension 2.0, I found the ProcessExplorer from Sysinternals. ProcessExplorer does more things than the Task Manager Extension, but it works standalone while the Task Manager Extension is built-in into the system (nice and tight). ProcessExplorer has also another disadvantage: it has no open sources. Some time ago, Microsoft bought Sysinternals, so you can find the ProcessExplorer installation here.

Credits

Back to contents

Thanks to Zoltan Csizmadia for writing the original version of TaskManagerEx. TaskManagerEx helped me lots of times in my work, and encouraged me to write an improved one.

Thanks to everybody who contributed anything on CodeGuru and The Code Project.

Thanks to Yura Semashko, Konstantin Karatov, Alexey Grakov, Ivan Kirkorov for verifying my article.

Thanks to nova_, Simon.W, wumpus1 and other users from CodeProject who tested TaskManagerEx 2.0.

Thanks to Mike Russell. He made a donation and told me how Task Manager Extension helped him. This occurrence inspired me to remove old bugs, write a new version, and to compose an article for it.

Back to contents

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here