1
The process explorer.exe has a thread with "start address" starting with "windows.immersiveshell.serviceprovider.dll". It takes a lot of processing power. Additionally, after waking up from sleep it produces three windows of the class "MetroGhostWindow" which take place in the Alt+Tab dialog.
Killing the thread with Process Hacker works excellently and frees resources. But is there a command line tool to do the same?
You could easily make a small application that could be called from a command line, just have it take an argument, and have it call the TerminateThread function. – Ramhound – 2016-05-05T13:16:08.103
@Ramhound I do not know how to do it. Also it has to get as an argument the substring of the entry point name rather than TID. P.S. Why is the downvote? It is not a programming site, is it? – Anixx – 2016-05-05T13:23:11.020
If you want this capability, you will learn how to do it, the problem with the function I provided is it requires a handle to the thread. You are better off just ending the process the thread belongs to, much easier, than attempting to get the handle to a thread to an application that is already running. The last time I checked, voting is anonymous, I am shocked they are giving the capability, to see the voting history on a question to new users. – Ramhound – 2016-05-05T13:26:03.433
What you want requires you writing a small command console application, or at the very least, a Powershell script. – Ramhound – 2016-05-05T13:30:27.877
@Ramhound "You are better off just ending the process the thread belongs to" - impossible, it is Explorer.exe, as mentioned in the question. Upon restart of Explorer, the thread will be recreated. "What you want requires you writing a small command console application, or at the very least, a Powershell script." - I do not know PowerShell language. If anyone can provide a solution, it would be great. If a similar utility already exists, it would be also great. – Anixx – 2016-05-05T13:33:57.147
Your request is out of scope for Superuser. We can help you accomplish your goal, we will not write the script or program for you, your request for us to write the script for you isn't reasonable. Handle v4.0 would appear to do what you want though. – Ramhound – 2016-05-05T13:38:22.197
Sysinternals' pslist will show the threads in a program, but its list does not allow you easily to identify the problem thread. I would recommend suspending the thread, rather than killing it, though I have found no command-line tools for either. I would have suggested disabling it, but see this recommendation. You can try the effects of both using procexp: try this before you go further. – AFH – 2016-05-05T13:39:56.987
@Ramhound I thought there is a command line utility for doing so, because Process Hacker can do it. – Anixx – 2016-05-05T13:40:26.850
Process Explorer can do it because somebody wrote it. What you want is possible, but it might not exist, so easier to just do it yourself. So you should start by researching how to do it, so you can write that program, and solve this problem for millions of people. – Ramhound – 2016-05-05T13:42:14.947
@AFH As I said I did it already with Process Hacker (another name for Process Explorer). It works well. – Anixx – 2016-05-05T13:43:17.217
@Ramhound well I found Process Hacker can kill a thread by the thread ID: https://wj32.org/processhacker/forums/viewtopic.php?t=75 The question is how to get it from the entry point name. – Anixx – 2016-05-05T13:50:39.687
@Anixx - You should do research on how to find which entry points exist for that dll, based on that knowledge, you can try each one until you get the desired result. – Ramhound – 2016-05-05T14:08:31.877
@Ramhound I know the start address substring, how to obtain TID using command line? – Anixx – 2016-05-05T14:19:40.390
I provided you an excellent suggestion how to determine that. – Ramhound – 2016-05-05T14:23:07.253
@Ramhound where? The TID will be different on each process restart. – Anixx – 2016-05-05T14:23:49.430
2
Better analyze what the thread does instead of killing it. Share a WPR trace so that I can tell you what it does. Install the WPT (part of the Win10 SDK: https://dev.windows.com/en-us/downloads/windows-10-sdk which also works on 8.1), run WPRUI.exe, select "First Level", under Resource select CPU usage and click on start. Now capture 1 minute of the CPU usage. After 1 minute click on Save. Zip the large ETL file (+ NGENPDB folder) into 1 zip, upload the zip (OneDrive, Dropbox, Google Drive) and post the share link here.
– magicandre1981 – 2016-05-05T15:44:24.303
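
An added example (not code from any poster in this thread) of the approach the comments describe: find the threads whose start address falls inside the named DLL, then suspend them as AFH recommends, or terminate them when `-Terminate` is given. It assumes a 64-bit PowerShell session run as the user who owns explorer.exe; the parameter names and the `Native.Thread` type name are made up for this example.

```powershell
# Added example: act on threads whose Win32 start address lies inside a module
# whose file name contains a given substring. Suspends by default.
param(
    [string]$ProcessName = 'explorer',
    [string]$ModuleSubstring = 'windows.immersiveshell.serviceprovider.dll',
    [switch]$Terminate   # opt in to TerminateThread instead of SuspendThread
)

Add-Type -Namespace Native -Name Thread -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenThread(uint access, bool inherit, uint threadId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint SuspendThread(IntPtr hThread);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool TerminateThread(IntPtr hThread, uint exitCode);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("ntdll.dll")]
public static extern int NtQueryInformationThread(IntPtr hThread, int infoClass,
    out IntPtr info, int length, IntPtr returnLength);
'@

# THREAD_TERMINATE | THREAD_SUSPEND_RESUME | THREAD_QUERY_INFORMATION
$access = 0x0001 -bor 0x0002 -bor 0x0040
foreach ($proc in Get-Process -Name $ProcessName) {
    # Loaded modules of this process whose file name matches the substring
    $mods = $proc.Modules | Where-Object { $_.ModuleName -like "*$ModuleSubstring*" }
    foreach ($t in $proc.Threads) {
        $h = [Native.Thread]::OpenThread($access, $false, [uint32]$t.Id)
        if ($h -eq [IntPtr]::Zero) { continue }
        try {
            $start = [IntPtr]::Zero
            # Information class 9 = ThreadQuerySetWin32StartAddress
            $status = [Native.Thread]::NtQueryInformationThread(
                $h, 9, [ref]$start, [IntPtr]::Size, [IntPtr]::Zero)
            if ($status -ne 0) { continue }
            $addr = $start.ToInt64()
            # Keep the thread only if its start address is inside a matching module
            $hit = $mods | Where-Object {
                $lo = $_.BaseAddress.ToInt64()
                $addr -ge $lo -and $addr -lt ($lo + $_.ModuleMemorySize)
            } | Select-Object -First 1
            if (-not $hit) { continue }
            if ($Terminate) { [void][Native.Thread]::TerminateThread($h, 0) }
            else            { [void][Native.Thread]::SuspendThread($h) }
            '{0} TID {1} start 0x{2:X} in {3}' -f $proc.Name, $t.Id, $addr, $hit.ModuleName
        } finally { [void][Native.Thread]::CloseHandle($h) }
    }
}
```

Because the thread ID changes on every Explorer restart, the script resolves it from the module name each time it runs instead of taking a TID as input.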