Sysinternals Process Explorer Extension

by Ivo Ivanov

Extend Process Explorer using API hooking and code injection.

Process Explorer is a fantastic utility. There are often situations where one needs to suspend a specific process and terminate all of its child processes. Process Explorer already has these functions built in as "Kill" and "Suspend", both available under the "Process" menu. However, there is no atomic action that lets the user select a process and then suspend it and terminate all its child processes in one go.

The solution:

The Process Explorer Extension utility adds the following new features to the context menu that appears when you right-click within the process view.

  1. Suspend Process and Kill Child Processes - A combination of the existing "Suspend" action on the selected process and the "Kill" action on each of its child processes.
  2. Kill Child Processes - Very similar to "Kill Process Tree", but unlike the built-in feature it does not terminate the parent (container) process.
  3. Open File Location - Opens an Explorer window at the folder containing the selected process's executable.
  4. Open Elevated Command Prompt in Location - Opens an elevated command prompt in the folder containing the selected process's executable.
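The extension itself adds these actions to Process Explorer through API hooking and code injection. The following PowerShell is an added, stand-alone example (not code from the extension or the ACF SDK) of what features 1 and 2 do under the hood: the parent is suspended first, so it cannot spawn replacement children during enumeration, and descendants are matched on ParentProcessId only when they were created after their supposed parent, because Windows reuses PIDs. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session and that the caller has suspend and terminate rights on the target processes.

```powershell
# Added example, not code from the Process Explorer Extension or the ACF SDK.
# NtSuspendProcess is undocumented but has been exported by ntdll.dll for years.
Add-Type -Namespace Native -Name Ntdll -MemberDefinition @'
[DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr hProcess);
'@

function Get-DescendantProcessIds {
    param([Parameter(Mandatory)][int]$ProcessId)
    # One snapshot of the process table; parent/child links come from ParentProcessId.
    $all = @(Get-CimInstance Win32_Process)
    $byId = @{}
    foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }
    $found = [System.Collections.Generic.List[int]]::new()
    $queue = [System.Collections.Generic.Queue[int]]::new()
    $queue.Enqueue($ProcessId)
    while ($queue.Count -gt 0) {
        $cur = $queue.Dequeue()
        $parent = $byId[$cur]
        if ($null -eq $parent) { continue }
        foreach ($c in $all) {
            # ParentProcessId alone is unreliable: PIDs are reused, so a process
            # created before its supposed parent is an orphan, not a child.
            if ([int]$c.ParentProcessId -eq $cur -and $c.CreationDate -gt $parent.CreationDate) {
                $found.Add([int]$c.ProcessId)
                $queue.Enqueue([int]$c.ProcessId)
            }
        }
    }
    return ,$found.ToArray()   # breadth-first order: parents before their children
}

function Suspend-ProcessAndKillChildren {
    param([Parameter(Mandatory)][int]$ProcessId)
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    # Freeze the parent first so it cannot spawn new children while we enumerate and kill.
    $status = [Native.Ntdll]::NtSuspendProcess($proc.Handle)
    if ($status -ne 0) { throw ("NtSuspendProcess failed with NTSTATUS 0x{0:X8}" -f $status) }
    $descendants = Get-DescendantProcessIds -ProcessId $ProcessId
    # Terminate deepest first so no grandchild is re-parented and missed.
    [array]::Reverse($descendants)
    foreach ($id in $descendants) {
        Stop-Process -Id $id -Force -ErrorAction SilentlyContinue
    }
    return $descendants   # the PIDs that were targeted; the parent stays alive but suspended
}
```

Feature 2 ("Kill Child Processes") is the same routine without the NtSuspendProcess call; note that children which are themselves spawning processes can still race the snapshot, which is why the combined action in feature 1 is the safer one.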

You can find more about the implementation of the Process Explorer Extension, which uses our ACF SDK, in Ivo's blog post about the Process Explorer extension.

Download the utility here.

On the web

Ivo's blog
API hooking revealed
AntiHook v3.0 White Paper
AntiHook SDK v3.0 Feature List