Thursday, March 11, 2010

Where does Process Explorer store Column Sets?

First of all, I love Process Explorer. If you haven't done so already, stop what you're doing, browse over to http://sysinternals.com (now assimilated by Microsoft TechNet), find and install Process Explorer. This is by far the best process browser and analyzer for Microsoft Windows, especially for the price (free). A few of the screens available in this wonderful tool are shown below:




Now onto the reason for this blog post. Process Explorer has the concept of Column Sets, allowing you to customize the columns, column order and row sort of the main process window. Once customized, the setup can be saved in a Column Set:



This is a fantastic feature. Being a being of multiple PCs (six and counting), I was hoping to be able to share the fruits of my column tuning with >1 of my PCs. Process Explorer doesn't have an "export" function for these column sets, but they've gotta be stored somewhere on my system. But where?

The final answer became obvious, once I used Altiris Software Virtualization Agent (now assimilated by Symantec; Google "SVS 2.0" to find the freeware copy) to create a virtualized layer to trap all changes made by ProcExp.exe. All columns are stored in the Windows Registry under HKCU\Software\Sysinternals\Process Explorer ... right where I would've stored it had I designed the tool:



Exporting the column sets, should you be so inclined, is simply a matter of exporting the registry keys below ColumnSet0 in my example and saving them as a .REG file.

One interesting side note. Being a huge advocate of portable applications (I'm typing this blog via the ScribeFire add-on to Firefox Portable), I actually run ProcExp.exe off of a USB thumb drive. Having column sets stored in the Registry means that my column sets do not move with me as I move my thumb drive from system to system. In the grand scheme of things, it would've been slightly more portable to have this information stored in an old-fashioned .INI file in the app directory. It's not a deal breaker, but would've been nice.

Perhaps this [not so] brief blog post will answer the simple question I had when I started my quest a couple hours ago. Enjoy!

4 comments:

davidyoung said...

http://zippotrickstrainingvideos.webs.com/
Zippo Tricks Guy Says:

setup can be saved in a Column Set...COOL

Wilma Dean said...

I try to stop suspicious processes because the PC is too slow. Downloaded Process Explorer for CPU analysis https://yumdownload.com/process-explorer. And the CCleaner to remove unnecessary utilities. In general, I try to control the process of congestion...

Montgomery_Minds said...

Specifically, in regedit.exe, I right-clicked on ColumnSet0 and did Export to a .reg file.

I always rename my .reg files to .reg.txt so I don't click on them accidentally and accidentally change the registry. That means I have to rename them back to just .reg to double click on them to run them and apply them to the live registry.

But, one more thing needed. Edit .reg.txt file and add these lines (or create another .reg file with these lines in it):

[HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer]
"NumColumnSets"=dword:00000001


NumColumnSets starts out as 0. And if you don't change it to 1, then even though you've imported your ColumnSet0 onto another computer by double clicking on your .reg file, ProcessExplorer won't see it. Have to set it to 1 (or higher if you have imported more than one ColumnSet) so procexp knows the count of saved column sets.

Then, once in procexp, have to do View -> Load Column Set and it should be listed.

Dave Dugal said...

Nice catch! Thanks Montgomery.

- Dave
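
The export step from the post and the NumColumnSets fix from Montgomery's comment can be combined with a check of what the .reg file will write before it is applied. This is an added example, not code from the post or from Sysinternals; it assumes each column set is a ColumnSetN subkey numbered from 0 directly under the Process Explorer key, and the function name and sample values are made up.

```python
import re

# Assumption: column sets are ColumnSetN subkeys directly under this key.
BASE = r"HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer"
KEY_RE = re.compile(r"^\[(-?)(.+)\]\s*$")
SET_RE = re.compile(r"^ColumnSet(\d+)$", re.IGNORECASE)

SAMPLE = (  # constructed export; the value names and data are made up
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Sysinternals\\Process Explorer\\ColumnSet0]\r\n"
    '"Name"="Triage"\r\n'
    '"ColumnCount"=dword:00000005\r\n'
)


def prepare_column_sets(reg_text):
    """Check an exported .reg file and return it with NumColumnSets added.

    Raises ValueError if the file deletes a key or touches anything other
    than ColumnSetN subkeys, so a .reg file that does more than its name
    suggests is not imported blindly.
    """
    lines = reg_text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a regedit version 5.00 export")
    indexes = set()
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if not m:
            continue  # value line, hex continuation line or blank
        delete, key = m.groups()
        parent, _, leaf = key.rpartition("\\")
        s = SET_RE.match(leaf)
        if delete or parent.lower() != BASE.lower() or not s:
            raise ValueError(f"unexpected key in file: {line.strip()}")
        indexes.add(int(s.group(1)))
    if not indexes:
        raise ValueError("no ColumnSetN keys found")
    # Montgomery's point: Process Explorer needs the count of saved sets.
    count = max(indexes) + 1
    lines += ["", f"[{BASE}]", f'"NumColumnSets"=dword:{count:08x}', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(prepare_column_sets(SAMPLE))
```

regedit writes its exports as UTF-16, so read and write the file with encoding="utf-16" when using this on a real export.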