Replace Task Manager with Process Explorer x64
August 6, 2010 3 Comments
Process Explorer has a “Replace Task Manager” option. On x64 Windows, this doesn’t work right. Instead of replacing Task Manager, it ensures that Task Manager can never run.
This feature works through an image hijack. What is supposed to happen is Process Explorer is supposed to register itself as the debugger for Task Manager. It doesn’t act as a debugger, instead, it just launches itself.
Here is the garbage that gets written by default.
The Debugger value should be the fully qualified path to where procexp.exe lives. Unfortunately, procexp wrote some garbage in there.
Set-ItemProperty 'HKLM:\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe' -name Debugger -value "C:\Program Files\Sysinternals\procexp.exe"
Now Task Manager is magically Process Explorer.
Brian Reiter's Thoughtful Code 
thanks, that was useful
Unfortunately process explorer didn’t get placed in the programs folder when I ran it. Thus I offer the following instructions.
Notes: Playing around in your registry can be hazardous to your computer!
denotes a right click
when editing the registry, do not edit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
You may need administrator privileges.
1. Download copy to\Move to at http://what-what.net/windows-7-trick-add-copy-tomove-to-right-click-on-your-right-click-option.html (Follow the directions given there and run the tweaks)
2. Download Process explorer at http://technet.microsoft.com/en-us/sysinternals/bb896653 (remember where you put it)
3. Click start, (or the windows button on your keyboard) < computer (right click) on program files < new (Right click) process explorer64 < copy to < computer < C: (or wherever your program files are stored) < Program files < Sysinternals < Copy and close.
5. Click start < Run (or the windows button + r) – type regedit in the box < OK < HKEY Local Machine < Software < Microsoft < Windows NT < Current Version < Image File Execution Options (right click) on debugger < Modify – in the text box type C:\Program Files\Sysinternals\procexp64.exe and close.
Push Ctrl-Alt-Delete or right click on on the task bar, < start task manager and get process explorer!
If you run procexp often (as I do) you can place a shortcut on your task bar as well.
I hope this helps someone.
When I replaced the task manager with sysinternals process explorer, the registry looked correct on win7 x64 but when I click “start task manager”, process explorer would start and display command line options as if i ran it with procexp.exe /?. I’ve reviewed the registry one more time but still puzzled.
Have you experienced this at all? If so, were you able to solve it?