none
expand to %temp% RRS feed

  • Question

  • Hello --  there is a procexp.exe and procexp64.exe in the (my) sysinternals folder -- why,  when I run  procexp64.exe  from the start menu  (run)  there is a copy written to %temp% Thanks 
    Monday, October 19, 2020 8:35 PM

Answers

  • Running Procmon during the execution of prcess Explorer explains what happens..

    As you can see, the first "procexp64 /e" terminate itself and start "procexp /e", which in turn expand and start from the temp folder the 64 bit version..

    So, it turns out that when you start process Explorer requesting UAC elevation it execute the 32 bit version as administrator, and that perform the system discovery and if understand that it is on a 64 bit system expand in the temp folder the 64 bit version and start it again.. may be the logic for the elevation is only in the 32 bit version..

    Anyway, i think this is by design..

    HTH
    -mario

    • Marked as answer by fpefpe Wednesday, October 21, 2020 2:23 PM
    Wednesday, October 21, 2020 7:24 AM

All replies

  • Are you sure?

    What you describe is exactly what happens if you run teh 32 bit version on a 64 bit machine.. it detects the os is 64 bit, and expand the 64 bit version in the temp folder and runs that instead f teh 32 bit because it needs to load the correct bitness device driver.

    HTH
    -mario

    Tuesday, October 20, 2020 7:35 AM
  • Hello --- the first image is how I have it set up on my computer --- even with the same folder c:\sysinternal 

    I have it in my startup folder to start when I login --- the issue is from time-to-time  I need to restart procexp using the /e  option. so I  end the current instance and re-start it  from the "run"  item in the start menu  typing procexp64 ( c:\sysinternals is in the path ) or from a command window and  in both cases I find a procexp64.exe  in the %temp% folders 

    Tuesday, October 20, 2020 9:30 PM
  • Running Procmon during the execution of prcess Explorer explains what happens..

    As you can see, the first "procexp64 /e" terminate itself and start "procexp /e", which in turn expand and start from the temp folder the 64 bit version..

    So, it turns out that when you start process Explorer requesting UAC elevation it execute the 32 bit version as administrator, and that perform the system discovery and if understand that it is on a 64 bit system expand in the temp folder the 64 bit version and start it again.. may be the logic for the elevation is only in the 32 bit version..

    Anyway, i think this is by design..

    HTH
    -mario

    • Marked as answer by fpefpe Wednesday, October 21, 2020 2:23 PM
    Wednesday, October 21, 2020 7:24 AM
  • Thanks for that info --- sort of a round-a-bout way of doing this 
    Wednesday, October 21, 2020 2:24 PM