For starters since SysInternals got acquired by MS their utilities/support started to get sloppy.

Why does procmon require Workstation service? Why official support forum search doesnt work https://social.technet.microsoft.com/Forums/en-US/home?searc... =

    Internal Server Error - Read
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Reference #3.3e....

So, you don't find anything better about the software, but only about side issues ? I was also interested in the answer to parent's comment.

Off the top of my head process hacker lets you look up opened process handles, procexp doesnt let you list them, only do a global search for particular one. You need a separate command line handle.exe.

View, show lower pane. View, Lower pane, Handles (or dlls, your choice)

So its hidden under its own separate sub view instead of process properties like everything else, ok. Which handles are inheritable?

I don't understand the question, likely because I'm not a programmer. Do you mean handle types it represents, or does it show handles from sub-processes? I've found the content to be the same as I get from handle.exe from Russinovich. So using handle -s to get a summary, my system shows this - I would think all would be represented in Procexp:

C:\WINDOWS\system32>handle -s

Nthandle v4.21 - Handle viewer Copyright (C) 1997-2018 Mark Russinovich Sysinternals - www.sysinternals.com

Handle type summary: ALPC Port : 1437 Composition : 19 CoreMessaging : 10 Desktop : 16 Directory : 100 DxgkSharedResource: 2 DxgkSharedSyncObject: 1 EtwConsumer : 1 EtwRegistration : 1012 Event : 3591 File : 889 FilterCommunicationPort: 8 FilterConnectionPort: 9 IoCompletion : 1429 IoCompletionReserve: 63 IRTimer : 123 Job : 229 Key : 808 Mutant : 61 Partition : 3 PcwObject : 4 Process : 2540 RawInputManager : 63 Section : 1705 Semaphore : 1512 Session : 56 SymbolicLink : 369 Thread : 734 Timer : 81 TmRm : 26 TmTm : 13 Token : 979 TpWorkerFactory : 61 WaitCompletionPacket: 1846 WindowStation : 22 Total handles: 19822

There are more graphs per process and the interface is customizable. It's easier to supervise the activity by using the tabs on the main window to see all ongoing Disk, Network, or Service jobs. Process properties show tokens, much better overall/accumulated stats view for a process, process modules and heap regions, and so on. You can set it to permanently remember process priorities and automatically apply them. The "System Information" graph is much more informative in that you can mouse over the spikes and see which process is causing them. The better visibility of I/O traffic makes it simple to associate, for example, the internal handle for the mouse object, since my mouse requires intercepting/sampling to use all 7 buttons. And finally, the filter field is in the top-right of the main window, which makes it a lot easier to get to.

I'm sure some of this is accessible somewhere in the internals of ProcExp but I've greatly enjoyed Process Hacker. My biggest gripe is that I press X and it actually closes itself so the graphs hadn't been capturing when I go back to look at it. :)

Process Hacker allows you to execute program as user of any specified process, ex: create cmd.exe as IIS APPPOOL\app. Very useful for debugging access issues. I didn't find any other method to do this.

> Process Hacker allows you to execute program as user of any specified process, ex: create cmd.exe as IIS APPPOOL\app. Very useful for debugging access issues. I didn't find any other method to do this.

Sysinternals PsExec will. It's a tool often used to run a process interactively as System, so you should be able to do the same.