svchost.exe 가 죽을때 어느 프로세스랑 연결되어 있는지 확인 가능함
크래쉬 덤프도 생성 가능함.
파일을 어느 프로그램이 결고 있는지도 알 수 있음
http://technet.microsoft.com/ko-kr/sysinternals/bb896653.aspx
By Mark Russinovich
Published: February 5, 2013
.png){kind=small}
Download Process Explorer
(1,134 KB)
Introduction
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
.jpg "Process Explorer")
.jpg "System Information")
Related Links
- Windows Internals Book
The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon. - Windows Sysinternals Administrator's Reference
The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.
.png "Download")