Dig deeper into Windows to find the source of problems

XP's Event Viewer and Vista's Windows Event Logs can help diagnose system woes, but Sysinternals' free Process Explorer gives you the real inside scoop.

Some people like to know everything there is to know about what their PC is doing. Not me. I just want the dang thing to work, and when it stops working, I want the simplest, surest, fastest, and cheapest fix available, skip the details.

This puts me at odds with PC pros who believe there's nothing blissful about tech ignorance. Okay, I see their point, but there are a world of things I'd rather be doing than scrolling through Windows event logs.

When I described ways to diagnose a hanging application , several readers took me to task for not mentioning XP's Event Viewer and Vista's revamped Windows Event Logs, nor the free Process Explorer utility from Sysinternals. While all three tools provide a great amount of detail about what your system is up to, they are designed for IT folks. Figuring out how to make sense of their logs is daunting for non-techies.

Zero in on errors and warnings
It's one thing to know what the problem is, but quite another to solve it. XP's Event Viewer helps more with the former than the latter. Open it by right-clicking My Computer and choosing Manage > Event Viewer. Double-click one of the entries in the right pane, or click the plus sign next to Event Viewer and select it in the left pane, to view the event log for that category. Double-click one of the log entries to see more details about it. The ones you're most likely to be interested in are labeled "Error" (with an X in a red circle) or "Warning" (with an exclamation mark in a yellow triangle).

Windows XP Event Viewer Properties dialog box
Double-click an entry in XP's Event Viewer to view more details about it. Microsoft

If you click the link promising more information, the chances are you'll be directed to a page on Microsoft's Help and Support Center that offers only general information, or none at all. You're more likely to find an explanation by entering the Event ID and Source into a Web search engine and looking for a link to a support forum. This is far from a guarantee that you'll find a fix for your specific problem, however.

Vista's improved event logs
The event logs have been revamped in Vista to give you more viewing options, but unfortunately, the end results are about the same. Open Vista's event viewer by pressing the Windows key (or Ctrl-Esc if your keyboard lacks such a key), typing event viewer, and pressing Enter. Events are summarized in the middle pane, and the right pane provides options for changing your view or saving a log. Click Administrative Events under Custom Views in the left pane to see all errors and warnings in the logs.

Windows Vista Event Viewer summary of Administrative Events
Vista's Event Viewer provides a summary of errors and warnings in its log. Microsoft

New look, same results
Vista's enhanced event view is nice, but in terms of figuring out how to fix the problems, the results are about the same as in XP. After being led down a few dead alleys, you may ask yourself if these tools are worth the time and effort. Depending on the severity of the problem, you may be better off living with it in hopes that some Windows or application update provides a remedy.

If you're not ready to abandon your quest for a solution, give Process Explorer a try. The program lists all the processes running on your system. Select one in the top pane, and all the files and Registry keys it is using are listed in the bottom pane. Or click View > Lower Pane View > DLL to see the DLLs the process is using.

Sysinternals Process Explorer utility
Sysinternals' free Process Explorer shows the DLLs and other files being used by all the processes running on your system. Sysinternals

You can also determine which programs are using a specific DLL by clicking Find > Handle or DLL, entering the name of the DLL, and pressing Enter. Select the process in the search-results pane to highlight it in the main Process Explorer window.

You can tell that a program has stopped responding but failed to close by noting the amount of memory it uses: If this stays constant, the program has likely stalled. Determine whether a program is using the appropriate version of a DLL by double-clicking it to open its Properties dialog box. Note the version number and date, as well as the file path to ensure that it's stored where the programs that need it are looking for it.

Often the only "repair" option available for problem programs is to uninstall and reinstall them. You'll find more information about using Process Explorer to diagnose system glitches at Sysinternals' forums. I only wish that someday we'll be able to fix problem apps without having to become software engineers.

Tomorrow: troubleshoot your browser.

About the author

    Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments