
Process Explorer, Part 2

More about the excellent Process Explorer program.

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


This is a continuation of my previous posting (Using Process Explorer to tame svchost.exe - Advanced topics), which introduced the excellent Process Explorer program, a souped-up version of Task Manager. According to the author, "Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 and IA64 processors, and Windows Vista." And, it's free.

When a computer is running slow, people sometimes guess at the underlying problem. An experienced Process Explorer user doesn't have to guess.

Below is the main Process Explorer window. There's a lot going on here, so you may want to view the larger version of the image.

Process Explorer - The Main Window


As computers go, the one in the picture is pretty boring: it's a Windows XP virtual machine with next to nothing installed. Chances are, a similar display on your computer will reveal two or three times as many processes.

The Process Explorer window is extremely configurable; the next posting will cover installing and configuring the program. The screen shot shows eight data fields, the ones I find most useful. I also like to include I/O counts but left them out here for space reasons. This is one application that really benefits from a wide screen display.

The columns in the middle are what first attracted me to Process Explorer - the description of the process, the name of the company that created the process and, most importantly, the executable file running in the process. Just knowing the directory that a program is running out of has been useful in and of itself. The CPU History column is also vital, with spikes of green showing processes consuming large amounts of the processor over the last few minutes.

Properties of a Process

To get information on a running process in Process Explorer, double click on the process name. This opens a properties window (see below) with nine tabs.

Earlier I noted the difficulty in pinpointing a performance problem to a Windows service* running inside an instance of the svchost.exe process. This is because Process Explorer breaks down processes by thread rather than by service. Even when a process hosts a single service, there can be multiple threads. But all is not lost.

Go to the Threads tab, expand the CPU column and click on the column heading to sort the list of threads by their current CPU usage.

Properties of a Process - Threads Tab


To see more information about a thread, highlight it and click on the Module button just below the list of threads. This displays the properties of the file underlying the thread (see below). The properties window opens in the General tab; go to the Version tab. This isn't foolproof, but you may get lucky, as in the example below, where the file/module is obviously the DNS Caching Resolver Service.

Version Property of a Module/File

Another useful tab is Services, which, as you can see below, provides information on the services, if any, running inside the target process.

Properties of a Process - Services Tab
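
A command-line counterpart to the Threads, Version and Services tabs, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later (newer than the Windows XP system in the screen shots) and an elevated prompt; the `Get-ServiceDllDescription` helper is a name made up for this example.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0 or later;
# run elevated so that every svchost.exe instance can be read.

# Index running services by host PID. -AsString keeps the hashtable keys as
# strings, so the lookup does not depend on UInt32/Int32 key types.
$byPid = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Hypothetical helper: the file description of a service's DLL, which is the
# same text the Version tab shows for a module.
function Get-ServiceDllDescription {
    param([string]$ServiceName)
    # svchost-hosted services usually name their DLL in Parameters\ServiceDll.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        (Get-Item -LiteralPath $dll).VersionInfo.FileDescription
    }
}

foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    # Accumulated CPU time per thread: a rough stand-in for sorting the
    # Threads tab by CPU, which shows current usage instead.
    $threads = $proc.Threads |
        Select-Object Id, @{ n = 'CpuSec'; e = { [math]::Round($_.TotalProcessorTime.TotalSeconds, 1) } } |
        Sort-Object CpuSec -Descending |
        Select-Object -First 3

    # Services hosted by this instance, each with its DLL description.
    $hosted = foreach ($svc in $byPid["$($proc.Id)"]) {
        '{0} ({1})' -f $svc.Name, (Get-ServiceDllDescription $svc.Name)
    }

    [pscustomobject]@{
        ProcessId  = $proc.Id
        CpuSec     = [math]::Round([double]$proc.CPU, 1)
        Services   = $hosted -join '; '
        TopThreads = ($threads | ForEach-Object { "$($_.Id)=$($_.CpuSec)s" }) -join ', '
    }
}
```

As with the Version tab, the description lookup isn't foolproof: a service with no ServiceDll value is listed with empty parentheses.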

Setting Priorities

Sometimes a necessary program on your computer can get in the way. If, for example, you're facing a deadline and the computer is running a full hard disk scan, it may become so slow as to interfere with your work. Such was the problem Peter Butler faced. While your knee-jerk reaction may be to cancel the interfering software, on a corporate computer this can be problematic. Process Explorer offers a couple of less intrusive options: it can slow down a program or freeze it in its tracks.

Slowing down a running program/process is something Task Manager can also do. In both Task Manager (from the Processes tab) and Process Explorer, right click on the name of the process and select "Set priority" from the pop-up menu (see below). The default priority is "Normal"; changing it to "Below Normal" lowers the priority one notch. Changing it to "Low" (in Task Manager) or "Idle" (in Process Explorer) lowers it two notches, and should let you get your work done with a minimum of interference.

Changing Priority

Freezing a process is something Task Manager cannot do. In Process Explorer, click on "Suspend" after right clicking on the process name. By default, Process Explorer displays suspended processes as dark gray. If a suspended process was running a visible application, the application window can't be minimized, resized or even re-painted when another window covers it up. To resume the application, right click on the process name again and select "Resume".

There is one caveat, however: some processes do not allow their priority to be changed. I don't know a way around that.
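
The same priority change from a PowerShell prompt, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; `Set-ProcessPriority` is a function defined here and `ExampleScanner` is a placeholder process name. A process that refuses the change is reported with the reason rather than skipped silently.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0 or later.
function Set-ProcessPriority {
    param(
        [Parameter(Mandatory)][string]$Name,
        # Same levels as the "Set priority" menu: Idle, BelowNormal, Normal, ...
        [System.Diagnostics.ProcessPriorityClass]$Priority = 'BelowNormal'
    )

    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $result = [ordered]@{
            ProcessId = $proc.Id
            Name      = $proc.ProcessName
            Before    = $null
            After     = $null
            Error     = $null
        }
        try {
            $result.Before = $proc.PriorityClass
            $proc.PriorityClass = $Priority      # throws if the process refuses
            $proc.Refresh()                      # re-read the value from the OS
            $result.After = $proc.PriorityClass
        } catch {
            # Typically "Access is denied" for protected or system processes.
            $result.Error = $_.Exception.GetBaseException().Message
        }
        [pscustomobject]$result
    }
}

# 'ExampleScanner' is a placeholder; substitute the process that is in the way.
Set-ProcessPriority -Name 'ExampleScanner' -Priority Idle
```

Running the function again with `-Priority Normal` restores the default once the deadline has passed.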

Next Up...

Next time, installing and configuring Process Explorer.


*A service is a special type of Windows program. Most services are part of Windows; the previous posting discussed the Automatic Updates service and the Task Scheduler service. Applications can also install their own services. In Windows XP, services are managed from the Administrative Tools applet in the Control Panel.

Note: This posting is based on Process Explorer version 11.04, which was current at the time this posting was written. The screen shots were taken on a machine running Windows XP.
