TaskView - usage manual
This program is aimed to aid debuging programs and system performance.
It is not intended for ordinary users, since there is few help, if any.
It is rather intended for programmers, who already know, what particular
Please note, that you are responsible for what you do with it,
there are no warnings, what your action will cause, just some confirmations,
if you really want to do that... It is so easy to spoil things...
Another major aim is to judge running & installed programs and detect
virus & malware and to aid in cleaning the infection...
- New version does NOT work on Win98 at all.
Will be corrected, when I find such system again - now I've got none such...
- Handles and threads pages sometimes locked under XP. (It seems these has been resolved...)
- Handles, threads, KernelMem and maybe other functions require Administrators membership,
work only on builds 2195 (2k) and 2600 (XP). Other platforms would require editing SysMetric.ini file...
- PNP page works on Win2k only.
- Heap block analyzer is only shown in menu, no code yet...
- Borland block analyzer does not work, if first pages of block are decommited,
and if heap corruption occurs... (Anyhow, trivial Borland allocator would not work
with corrupted heap anyway...)
- Guids page is terribly slow and requires lots of memory, so it is hidden by default...
- Disassembler in context-view does not correcly parse r/m byte and is useless...
I do not plan improoving it...
Most task-view forms have got a pager.
By selecting a page, you acquire to fill its contents - pages are not filled until they are selected.
All task-view forms have got a command line.
Only few commands are in a popup-menu (the non-parametric ones)...
Some commands are handled by the form, some are handled by the specific list...
To see, which commands are supported, type help command.
The commands may be abbreviated - a first command, that matches entered text, is executed.
The order, in which the commands are checked, is listed by a help command...
Most task-view forms have got a list-view.
You can select columns, which are displayed, by pressing Ctrl+F1.
When you start task-view for a first time, only basic columns are shown,
since gathering other columns may take more time or require more memory...
Select that set of information, that interests you...
Each page has an auto-refresh flag, which is toggled from popup-menu or by autorefresh on command.
Only few pages are auto-refreshing by default, as it is not always appropriate...
To refresh page contents manually, hit F5 key.
Some pages maintain list of added/removed items (in green/orange colors).
By pressing F5, you clear this flag and free removed items immediatelly,
else the removed are auto-freed after 8s, if auto-refreshing...
Keys & mouse
- Wheel - roll 2-3 items
- Shift+Wheel - roll 1 item
- Ctrl+Wheel - roll 1 page
- Ctrl+Click, Shift+Click - multi-select
- Left,Right - roll horizontally
- Ctrl+Left,Right - roll horizontally by page-width
- Up,Down - move selected item
- Ctrl+Up,Down - move cursor, leave selection
- Shift+Up,Down - multi-select
- Space - toggle selection
- Hit F7 key to open search
- or just start typing...
- Search is for a sub-string in any column, including some not-displayed columns...
- To find next/prior match, press Down/Up arrows...
- To stop search, either press Enter, Esc or unfocus search-field (by clicking listview).
- There are 2 basic filters - any-column or specific column:
- To filter in any column, type command filter "SearchText"
Only items, where this text is found, are displayed...
- To filter by value in specific column, type command filter Column=Value.
Column-name is matched by start of its caption...
- There may be only 1 filter at a time.
- To switch off filter (show all items), type filter command (with no parameters).
- Commands at start and end of popup-menu are form-specific (for all lists),
- middle part is defined for specific list source.
- Export (Ctrl+S) - in CSV (;-delimited) or TXT (tab-delimited) formats,
as detected by extension you give to the file...
- To export only some columns, use clip command
to copy list to clip-board... This command supports format argument...
(For ex. * clip copy "%Name%=%Value%" )
- Target - performs common commands on selected items.
If task-view recognizes some of these, it enables these commands:
- View file - view file with a viewer.
Configure the file-viewer in key HKEY_CURRENT_USER\Software\Semi\TaskView\Main
in value FileViewer.
Example: TextView.exe "%s"
- Edit file - edit file with an editor.
Configure the file-editor in key HKEY_CURRENT_USER\Software\Semi\TaskView\Main
in value FileEditor.
Example: LiteEdit.exe "%s"
Other example: TaskView.exe /hex "%s"
- Browse path - browse path of file-name in browser.
Configure the browser in key HKEY_CURRENT_USER\Software\Semi\TaskView\Main
in value Browser.
Example: AltBrow.exe "%s"
- Internal regedit - open RegView on key-paths...
- Edit registry - open AltReg.exe on key-paths...
- Store list state - all states are automatically stored when you switch
page or close window. Here you can disable storing that page state...
- Store any state - here you can disable storing any-page state...
- Reset list state - clear stored list-state (return to basic factory default)
- Select columns - select from available columns
- Select pages - select from available pages
- Auto-size columns - by text-size...
- Select (all, none, toggle)... Most commands apply to selected items only.
To apply command to all items, prefix it by *
Keys on command-line:
- Enter - open detail view
- Ctrl+PageDown/PageUp - switch pages
- Tab - switch between list and command-line
- Ctrl+E - focus command line and walk history
- Ctrl+(wheel~key)Up/Down walks history
- Up/Down is passed to list-view...
- Alt+Down opens mru-list (combo)
- Enter performs command, or focuses list-view, if no command...
Main task-view form contains the following pages:
- Process - process list
- Modules - loaded DLL listing
- Windous - window listing (on current desktop)
- Services - service listing
- Startup - commands, which are executed during startup
- Extensions - commands, which are registered for various extensions to system explorers (context-menu, ie-plugins, codecs, etc...)
- HD Parts - hard-disk partition list
- ObjDir - object directory (NT only)
- Kernel - list of loaded kernel modules
- ObjTypes - list of system object-types with some statistics (NT only)
- Registry - a registry editor
- File types - list of registered file-types (in HKEY_CLASSES_ROOT)
- Threads - list of threads
- Handles - list of opened handles
- PNP - list of PNP tree (Device manager)
- Guids - list of all guids, found in registry (is very slow!)
- EventLog - list of Event log records
Process list displays list of processes,
as acquired either by CreateToolhelp32Snapshot
or NtQuerySystemInformation(5) if available.
(If you are suspicious of hidden processes (rootkit etc..),
issue command ntqsi 5 ab to see,
if the system information is mangled or not...).
- Name - process name (either from system info, or from command-line)
- Pid - process ID
- Priority - as shown by GetPriorityClass
- WS - Working set - how much memory is this process currently using
(this is shown by TaskMgr also)
- Commit charge - ?
(this is shown by TaskMgr also)
- FileName - exe-name for the process
- CPU time - used CPU time (in seconds) - sum of UserTime and KernelTime
- Desktop - on which desktop was the program started (from RTL_USER_PROCESS_PARAMETERS)
- Command line - command line, specified to start the process (from RTL_USER_PROCESS_PARAMETERS)
- Current path - current path (GetCurrentDirectory) for the process (from RTL_USER_PROCESS_PARAMETERS)
(can be changed from process-view first page)
- ReadSize, WriteSize, OtherSize - bytes transfered... (from PROCESS_IO_COUNTERS)
- ReadCount, WriteCount, OtherCount - operation count... (from PROCESS_IO_COUNTERS)
- Parent - process, which started this process
- Threads - thread-count in the process...
- User - as returned from GetTokenInformation(TokenUser)
- Manufacturer - from exe-file VS_VERSION_INFO, CompanyName value.
Most professional software has got an information about its manufacturer,
most mal-ware and some amateur programs have got none, which is displayed
in red color...
- Commited memory, Image memory, Private memory, Shared memory, Virtual memory...
These columns are SLOW - they are acquired by VirtualQueryEx, summing
all memory regions in a process... Summing is performed at 20s interval,
unless you press F5 to refresh the list manually...
- Ctrl+Shift+T - Trim working set.
By this command, all memory pages in process are marked as unused,
and selected for swapping out to swap-file.
They will be swapped, when system needs more memory, not immediatelly.
Pages, that are touched by the process, are automatically marked by CPU as used...
Recommended technique to spare memory: short after program start, trim it once,
and immediatelly let it re-paint, so that it does not swap out code, needed for painting...
If you are in doubt - by minimizing an application windows trim its working set also...
- Enter - open process detail
- Ctrl+M - open memory-view
- Del - kill process (TerminateProcess). Confirmation is issued before a killing process...
In main-menu/options, there is Expert mode option. By selecting this mode,
you can open any process regardless of its protection (requires SeDebugPrivilege).
- priority high - change priority
- unhook all - unhook all hooks, set by SetWindowsHookEx
This command may help to unloading a virus dll, which used this to load into every process...
Just wait a while, until it is unloaded and delete it...
- shutdown 20 - open shutdown window (InitiateSystemShutdown)
- noshut - cancel shutdown window (AbortSystemShutdown)
- makefreemem 80M - acquires this much memory and releases it...
Usefull before loading memory-extensive applications (for ex. delphi)...
- cpu bias - reset CPU-time column contents to 0 - usefull to see, what is working now...
- cpu total - revert to absolute times in CPU-time column...
- closedesk DesktopName - close all programs, which run on that desktop (posts WM_CLOSE message)
- killdesk DesktopName - kill all programs, which run on that desktop (by TerminateProcess)
- env set Name=Value - set environment variable in selected processes
- env save FileName - save environment to file
- env load FileName - load environment from file
- Generic security commands (everywhere, where security_descriptor is available):
- security edit - edit security descriptor
- security save filename - save security descriptor to file
- security load filename - load security descriptor from file
- security duplicate processname - duplicate security descriptor (from specified to all selected items)
- Other generic commands:
- ntqsi Number [ab] - show raw contents of NtQuerySystemInformation.
With "ab" param it pre-fills the buffer with AB - so that you may detect, if some hidden-process mangles the
information (for ex. by clearing the tail...), and to see, which fields are filled by system...
Interesting informations: 5 is process-list, 11 is driver-list, 16 is handle-list, 17 is kernel-object-list...
- distinct Col1,Col2,Sum(Col3),Avg(Col4) - open distinct-view
(for ex. distinct Name,sum(Commit charge),sum(WS),count(pid) to see memory statistics summed by process-name)
- sum column - sum contents of column in selected items and show in status-bar...
To sum all items, prefix by *
Be careful what you do with it, since original protection of system processes
prevents you from spoiling them...
List of all DLLs in all processes.
This page is usefull, if you need to terminate all processes, which has
got BDE loaded (idapi32.dll), if BDE runs out of semaphores due to
terminating a debuggee often,
and to see, if some DLL is mis-located (more entries for 1 DLL mean, that
it is re-located in each process onto a different address and consumes
more memory (like MSI.dll)...
List of windows on current desktop, showing class-types, captions and other informations...
By pressing Enter, child-window hierarchy is shown.
Commands and keys:
- Ctrl+T - send WM_SETTEXT message (can be used to rename window titles of "Application" window)
- sendmessage WM_SETTEXT 0 "Text" - send message to the window.
Quoted text is allocated in TaskView process - system translates only some messages!
To use hex numbers, prefix by "$".
- Ctrl+P - focus process of that window
- Enter - open child hierarchy.
By selecting "Recurse" command in its list-view popup-menu, you can see all child windows in 1 flat list...
By showing child hierarchy of desktop window (handle in violet color), you can see all
windows on a desktop...
List of installed services, as shown by EnumServicesStatus, QueryServiceConfig
- Type - "Sh.process" (SERVICE_WIN32_SHARE_PROCESS), "Process" (SERVICE_WIN32_OWN_PROCESS),
"Process(int)" (SERVICE_INTERACTIVE_PROCESS), "Driver" (SERVICE_KERNEL_DRIVER)
- Name - by this name the service is configured
- Display name - this name is shown to user in system applet...
- Status - "active" or "stopped"
- Startup - "manual" (SERVICE_DEMAND_START), "auto" (SERVICE_AUTO_START) or "disabled" (SERVICE_DISABLED)
- Load group, Depends on - lpLoadOrderGroup or lpDependencies
- Path - executable
- ServiceDll - for "svchost.exe", this DLL is loaded for the service
- You can start/stop/pause/enable/disable services from popup-menu.
- Startup - manual,auto,disabled - change startup option (disable service, set manual start etc...)
- Type Filter - service, driver, all (defaults to "service")
- Select dependents - select all services, that depend on current service.
A service may not be stopped, unless all its dependents are stopped also...
- Interrogate - Perform ControlService(SERVICE_CONTROL_INTERROGATE).
This is a harm-less action, which writes to service control pipe.
This may be usefull, if some other process is locked querying service pipe properties...
(You may also use Ctrl+A, Interrogate to interrogate all services)
- Dump-view - opens dump-viewer (to see, what functions are imported etc...)
Usefull to judge mal-ware and to see version-info for the service...
If "ServiceDll" value is present, its dump is shown, otherwise "Path" executable...
Shows commands, executed during computer startup.
From "Source" column you may see, where is the command defined...
Please note, that autoexec.bat is not parsed here - these are windows commands only...
Inspecting this page is a first step of cleaning an infected computer...
- Dump-view (Enter) - show dump-viewer to judge mal-ware
- Run (Ctrl+Enter) - execute the item
- Edit (F4) - edit the location of the item (registy, start-menu, win.ini etc...)
- Delete (Del) - delete (if supported)
Shows extensions, defined in registry for explorer, iexplore, codecs and context menus...
These places are often infected by mal-ware and can be cleaned here...
Commands are same as in Startup page...
List of HD partitions.
Commands in popup-menu:
- By sorting on "Partition" column, you may group partitions by hard-disk.
- Shows free/total space, file-system, label, type...
- By opening a detail - disk-view is shown.
- The information is cached until reboot, so that it does not
need wake-up sleeping disks...
To refresh the cached information, press F5 key
(for ex. after re-partitioning a disk).
Only removable disks (usb) are refreshed automatically...
- Flush (Ctrl+Shift+F) is similar to sync.exe program
of sys-internals. It calls FlushFileBuffers on volume handle to flush
all unwritten information to disk.
- Dismount - this is useful after editing partition in WinHex.
It tells windows to forget about file-system on the disk. The file-system
will be re-recognized after a next request to it...
I've used this once, after restoring boot-record from a backup copy,
to tell windows to re-detect the partition geometry...
By dismounting a volume, all files opened from that volume are closed!.
You may not dismount a system volume (usually C:)...
- Eject, Inject - applies to removable media (CD)
- Enable removal, Disable removal - applies to removable media (CD)...
If you kill Nero during burning, it has disabled removal of a CD
and you can not get it out... Here you may(?) re-enable it...
- Browse - open a browser on specified volume.
Configure the browser in HKEY_CURRENT_USER\Software\Semi\TaskView key,
value Browser. (%s is replaced by C:\ in this case)
This configured browser is also used for target-action "Browse path"
Shows object-directory hierarchy of Windows NT.
By selecting "Data" column and pressing "Ctrl+Shift+Enter", you may view objects in memory
(requires Administrators membership)...
(That C+S+Enter key works in mem-view for every negative value and in handle-list...)
(Kernel addresses are available on builds 2195 (w2k) and 2600 (xp) only. Other platforms
would require editing SysMetric.ini file)
Shows listing of loaded kernel modules (as shown by PsApi.EnumDeviceDrivers).
Columns Manufacturer and CheckSum help to detect viruses and to compare two "identical" machines...
You may see modules in memory (Ctrl+Shift+Enter), if they are not swapped...
To detect a "hiding" module, issue ntqsi 11 ab command...
Object-type statistics, as shown by "NtQueryObject" function.
No commands here...
This page is available as separate form by pressing Ctrl+Shift+R...
- Ctrl+Enter - follow (if I knew, where the value leads)
(Follow on guids leads to CLSID, Follow on DeviceReference value leads to kernel memory etc...)
- Hint for guids (what they mean)
- Multi-level create-key
- Searching is not implemented yet...
- Editing binary values is not implemented yet...
- Multi-sz values are easily edited as plain-text lines...
- Export, import, rename etc...
(Importing only REGEDIT4 files!)
- Registry map for fast access to common keys...
You can add/remove nodes from map by popup-menu command "In map"
- Multi-select in tree (initiated by Ctrl+F12 key)
allows exporting more keys into 1 file
- Mounting registry files (of other users etc...) - see commands load and unload ...
- Editing "Security" value (of services) as security-descriptor...
File types, as registered in HKEY_CLASSES_ROOT
List of all threads in processes, that could be opened (see "Expert mode" note above).
By pressing "Enter" key, you can open a detail view (stack-view)...
List of all handles in processes.
Requires "Administrators" membership...
By selecting "Object" column and pressing Ctrl+Shift+Enter, you may view the
kernel object for the handle in memory...
"State" column shows some state information (file position, mutant/event state, section size, token contents, socket ports etc...)
Various object-types have got "verbs" in popup-menu:
- Set event, Reset event
- Acquire semaphore, Release semaphore
- Editing handle security is supported for some types.
Beware, that editing file handle security edits security of the disk file,
but is not consistent with system security editor, since it does not
propagate directory rights to sub-directories or files. Same applies
to registry keys...
Beware, that acquiring or setting security for blocking pipes
lock the taskview process. To unlock, try to interrogate all services or reboot...
- For "Section" object, you may view contents (by pressing Enter)
- You may close the handle (by Del key) - uses DuplicateHandle for that...
Shows PNP tree, as read from kernel memory (requires administrators membership).
Class, Description and ConfigFlags are read from registry...
Shows EventLog events.
- You may select 1 or more categories on left side
- Messages are shown with text in list, hint for the text shows
whole text of event (if fits on screen)
- By DblClick/Enter open message details
NetApi configures users, sessions and shares...
This window consists of following pages:
- Users - you can edit/delete users here... Adding a user does not work...?
- Groups - local and global groups.
You may add/remove members and edit privileges assigned to groups...
- Shares - add/remove/edit share parameters, set share security...
- Sessions - who is connected to your computer... (You may disconnect sessions here...)
- Files - what files are opened by redirector (from remote) on your computer.
(You may close opened files here)
- Conns - where is your session connected (similar to net use system command)
- Sockets - detailed list of TCP/UDP sockets in all processes...
(Seems to work only on Win2k...)
(Sockets of particular process are found in process-view)
- Scheduler - shows scheduled tasks, if that service is running...
- Services - service listing (same as in TaskViewer...)
- WorkStation - statistics and configuration...
(some values may be toggled here - now only BOOL values...)
Process-view is opened as a detail from main process-list...
It constists of following pages:
- Proc - generic process informations.
- Current path - may be changed here...
Just type new path and press Enter.
This operation suits, if you need to rename a folder, which is
current directory of some process...
Please note, that you should NOT do that very often (1-3x on 1 process),
since it looses some space in process-env block!
- Remark - is stored in process memory and may be displayed
in main task-view process-list...
(Approx 32 bytes are available)
- Kill - other way to kill the process
- Edit sec - edit security descriptor of this process
- Env - shows environment values in that process. Is fully editable...
- Mods - list of loaded DLLs in that process...
You may load/unload other DLL from here,
open a detailed Module View or only a simple Dump (default)...
(Module view shows dump,segments,resource tree with interpretation,
mem-hex-view (in-memory) only if opened from a process, that has it loaded...)
- Winds - windous of this process...
Commands same as main windous-list...
- Handles - list of opened handles.
You may close handles here, set event-states,
view section data, view object in kernel memory etc...
- Thr - threads of this process.
By selecting detail, thread-view (analyzed stack-view) is opened.
- Mem - analyzed memory-block listing.
By opening detail, memory-view is opened for that block.
- Privileges - privileges in token of specified process.
You may toggle privilege state here...
- Cls(D5) - list of Delphi classes (works with Delphi 4-7?)
- Obj(D5) - list of Delphi objects (works with Delphi 4-7?)
By opening a detail, an object-inspector is shown.
By opening memory (Ctrl+M), memory-view is focused on that object.
(If you are using standard Delphi memory allocator,
issue Ctrl+Shift+B key in mem-view to analyze current block
as "Borland" memory blocks... Shows allocation boundaries and differentiates deallocated spaces...)
- Socks - sockets, opened in this process.
(Seems working on Win2k only, WinXP would need corrections in SysMetric.ini file...)
- CritSecs - list of initialized RTL_CRITICAL_SECTION records.
You may see, which is locked. Unlocking a locked crit-sec is prepared...
This section is being prepared
- Select Highlight (by default), unless it disturbs you?
- Select Deep analyze to allow highlighter follow pointers,
detect Delphi classes and kernel strings...
- Target hints - show target description in hint (mostly as PChar)...
- Show pager - allows you to hide left-side pager.
(There is no use of pager on file-view and section-view including PhysicalMemory.
Navigator for DiskView is being prepared...
Pager is usefull only in Process and Kernel memory viewers now...)
(Most options are remembered per viewer-type...)
Block analyzer detects:
grays out free blocks
Shows class-names for Delphi objects
- TaskView detects some block-types automatically (some intra-page formats only)
- You can select block-analyzer per virtual block:
- Select Borland (Ctrl+Shift+B) to analyze
standard Delphi allocator blocks...
This will show you also Delphi object ClassNames, gray-out free blocks
and show block boundaries...
- Select Heap (Ctrl+Shift+H) to analyze
NT specific Heap blocks (used by LocalAlloc also...)
- Select Stack (Ctrl+Shift+S) to analyze
stack-frames in the page.
(If the thread is known, it shows Except-handler frames in different color...)
- Select None to remove block-analyzer from this virtual block.
- You may select different block-analyzers for different blocks, but you will
need to select them each time you open the process
or if you re-open process by name (Ctrl+Shift+F5)
(which is usefull, if you debug application, stop it, correct, recompile, restart
and want to see, how this place changed... For such re-opening you have
preferably only 1 instance of this name started...)
TaskView contains a transaction editor for 64-bit space editing...
If possible, by key F4 you start editing mode.
(a block-caret is used instead of thin caret)...
You can edit in hex part of view (by entering 2 hex digits...),
or in text part of view by typing text...
(Side is switched by Alt+Right, Alt+Left keys...)
Changes are cached in buffer.
If the space below your change is modified, that place will be shown in bold red...
To write the changes (commit transaction), use F2 key.
Please note, that writing changes is still NOT atomic! (but still much better than writing each byte separatelly as you type...)
You may suspend/resume the process from ProcessView form
(if not already stopped or stepped by your debugger),
before writing changes to prevent a partial value being used by the target...
To Cancel changes (rollback transaction), use Esc key.
If MemView caption has (readonly) appended, the source was not opened
with rights for writing (for ex. SECTION_MAP_READ).
Some data-sources support command acquirewrite to
re-open in write-mode...
Alternativelly, you may select block, save it to disk file
by command savemem . "FileName.dat",
edit in you favourite hex-editor and load into target place by
command loadmem . "FileName.dat".
(For loadmem command, the selected block must be preciselly sized same as input file!
Selected-Block-Size is shown in right/bottom statusbar...)
The loadmem command by-passes transaction editor and writes directly to target space,
same as fill command!
File hex viewer/editor
To open File hex Editor:
Otherwise same as memory editor...
- start by command TaskView.exe /hex "FileName.dat"
(as alternate viewer from your commander?)
- Find opened file handle and select View file from popup-menu.
- From Target-menu (prepared)
By writing changes, LastModified date is NOT updated!
Do so manually in your commander, if desired...
(This is natural of memory-mapped files...)
Disk info viewer
(Opened from HD_Parts page in main task-view form...)
- Shows detailed information about selected partition and disk...
- By command view you open hex-viewer of disk data.
(The viewer supports 1 Tib (1024 Gib) space! Then the address will overflow below first data-byte column...)
The disk-hex-viewer is editable as MemoryView, but remember, that:
- Changes are NOT written atomically.
- System is NOT notified about changes.
You may try to dismount the partition before and/or after
making changes (from Hd_Parts view in main task-view form)...
- Defrag - prepared list of fragmented files with per-file defragment command...(now it does nothing)
- Bitmap - shows, which files are fragmented and how much...
(As a hint on cells, the file-name is shown...)
Run dialog is invoked by Ctrl+R key.
It is a wrapper for CreateProcess and CreateProcessAsUser commands...
It allows you to specify:
You may save the params - pressing button Save as prepares you a command
to save the parameters - you need to fill the name:
- Command and Application - see Win32.hlp, "CreateProcess" topic for description
- Start path - initial directory
- Desktop - here you can specify StartupInfo.lpDesktop...
(useful with AltDesk running)
- Title - this selects saved configuration for cmd.exe ...
- Some flags - see CreateProcess help, dwCreationFlags description...
- Show process-view - open process-view for that process after starting (?)
- Close on run - you may select not-to-close run-dialog to start more commands at once...
- Restriction page:
- Retain privileges - here you may remove some of your privileges from the started process.
(I use this to start some applications without the SeShutdown privilege to prevent them rebooting the computer...)
- Enabled SIDs - here you may disable some SIDs.
(Please note, that you should not disable the primary owner SID,
since the process would not start and could not be killed other way
than by terminating its primary thread...)
- Environment - here you can edit environment of the started process.
- Redirection - this does not work yet.
save "MyParams 1"
Saved param-sets are found in combo-box for fast retrieval...
TaskView consists of more applications, which are invoked by command-line parameters:
- TaskView.exe - opens process-list (main window).
- TaskView.exe /netview - opens NetApi configuration.
- TaskView.exe /reg - opens as reg-edit.
- TaskView.exe /mod /ask - asks to select file for module-view
- TaskView.exe /hex /ask - asks to select file for hex-view (hex-editor)
- TaskView.exe /run - opens run-dialog.
- TaskView.exe /install - installs the above icons
- TaskView.exe /uninstall - uninstalls taskview icons
and registry key HKEY_CURRENT_USER\Software\Semi
- TaskView.exe /modview "FileName.exe" - opens module-viewer on selected file.
This command suits as a viewer on exe&dll-files registered into a commander...
- TaskView.exe /hexview "FileName.dat" - opens hex-view on selected file.
(The file is mapped into memory by 64k windows, so that it needs not be read whole
and it can view a very large file - limited by approx 250Mb...)
The file is usually editable, but writing the changes does not set time-stamp
on the file... (The editing is quite new, so observe well for bugs!)
- TaskView.exe /regexe ... - task-view includes
a reg.exe program
built as a unit...
This includes registry export, import, mounting, searching, getting and setting security descriptor and more...
Requires tvw.exe to send output to TextView, since GUI process may not have real stdout...
TaskView.exe /regexe /h - show help for /regexe options...
TaskView /regexe HKCU\Software\Borland -f ".exe"
find .exe files in delphi keys...
taskview /regexe HKCU HKCR -f "Borland" -flp -fnms -ex -exp -
find and export Borland keys from registry...
(The -flp option - find logical parents - selects
a logical parent of find-hit - mostly the whole software-vendor key...
The option -fnms - no MS - prevents selecting
Software\Microsoft key, since it contains almost all hits as cached
from open-dialogs and explorer...
The -ex option gives extended format
with expand_sz contents commented and last-write times.
The -exp - exports find-hits in REGEDIT4 compatible
format into std-out, which is shown in TextView.)
- TaskView.exe /diskpoll - opens disk-poll dialog.
You may select drives, which task-view should poll to prevent
them going sleep. Polling is done by periodic (2min) writing into
file "\$TvPoll.tmp". (I use this option to allow sleeping of old 3rd disk,
while keeping both new disks waken whole day, optionally letting them sleep at night by unchecking here...)
- TaskView.exe /hdview C: - open disk-view form
- TaskView.exe /proc "Explorer.exe" page mods - open module-view of Explorer.exe process (first found)...
- TaskView.exe /page ObjDir node BaseNamedObjects - an interesting list...
- TaskView.exe /reg HKCU\Software\Borland - open that key