The even greater wonders of Process Explorer

May 23, 2007 at 2:57 pm (Microsoft, Networking, Sysadmin, Tech, Tech support, Troubleshooting)

Last week I wrote about The Wonders of Task Manager. This was to highlight some of the lesser-known yet immensely useful features of the Microsoft Task Manager. Task Manager is one of the most common tools I use and over the years I’ve learned to love it with the special kind of love a craftsman reserves for his favorite tools. Well, wouldn’t you know? The very next day fate decided to play a little game with me and introduce me to what has become my new flame. Yes, it’s true, my faithless heart has discarded the faithful Task Manager, replacing it with a newer, shinier and even more useful tool: Process Explorer.

It’s been a week, and while some might say my judgment is clouded by immense feelings of bliss, I will say that Process Explorer is the new love of my life (and by “life” I mean an indeterminable time period spanning from last week until something even better comes along). Developed by well-known Microsoft developer Dr. Mark Russinovich, it is designed to duplicate many of the functions of Task Manager, allowing you to see performance statistics such as the amount of CPU cycles being used, how much memory is currently being used by applications, what apps and processes are running, etc. In fact, it even comes with an option that allows you to replace the older Task Manager with the new tool so that it will launch every time you would normally launch Task Manager.

The difference between Task Manager and Process Explorer is in the detail you can view. Process Explorer shows far more than which processes are running: it also lets you get the skinny on which files, registry keys, threads, etc. are used by each process. This can be very useful when trying to troubleshoot why a certain process is consuming an inordinate amount of resources. It can also be extremely useful if you’re analyzing a process to determine if it’s legit or possible malware.
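The kind of first-pass check described above, as an added PowerShell example that is not part of the original post: it lists each running process with its image path, Authenticode signature status, and handle and thread counts, and flags images running from user-writable directories. The function name `Get-ProcessTriage` and the list of directories are assumptions made for illustration.

```powershell
# Added example (not from the original post). Needs PowerShell 3.0 or later;
# run elevated to see paths of processes owned by other users.
function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        # Assumption: these user-writable locations are worth flagging; adjust per environment.
        [string[]]$WritableRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC)
    )
    $roots = @($WritableRoots | Where-Object { $_ })

    foreach ($proc in Get-Process) {
        $path = $null; $status = 'Unknown'; $signer = $null
        $handles = $null; $threads = $null; $inWritable = $false

        # These reads can fail for protected processes or ones that exit mid-scan.
        try { $path = $proc.Path } catch { }
        try { $handles = $proc.HandleCount; $threads = $proc.Threads.Count } catch { }

        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            if ($sig) {
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            foreach ($root in $roots) {
                if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inWritable = $true; break
                }
            }
        }

        [pscustomobject]@{
            Name = $proc.ProcessName; Id = $proc.Id; Path = $path
            Signature = $status; Signer = $signer
            Handles = $handles; Threads = $threads; InWritableDir = $inWritable
        }
    }
}

# Show only processes that deserve a closer look in Process Explorer.
# A non-Valid status is a lead, not a verdict.
Get-ProcessTriage |
    Where-Object { $_.Path -and ($_.Signature -ne 'Valid' -or $_.InWritableDir) } |
    Sort-Object Name |
    Format-Table Name, Id, Signature, InWritableDir, Path -AutoSize
```

Older PowerShell versions may report catalog-signed Windows binaries as NotSigned, so confirm a hit with Process Explorer’s “Verify Image Signatures” option before drawing conclusions.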

Process Explorer also has a System Information screen closely resembling Task Manager’s Performance tab. The main benefit is, again, more detail; another nice benefit is that it displays I/O bytes as well as CPU and memory usage.

I strongly recommend trying it out for yourselves. The tool is freeware and can be downloaded from Microsoft. I’d be interested to hear other views on this great tool, so feel free to leave a comment.



The Wonders of Task Manager

May 17, 2007 at 8:19 am (Active Directory, Microsoft, Networking, Sysadmin, Tech, Tech support, Troubleshooting)

Any person who’s done any kind of Windows troubleshooting, from experienced admins down to common end users, has probably at some point dealt with the Windows Task Manager. This tool is not only incredibly useful, but also fairly simple to use, even for novices. It can list running applications and processes as well as CPU, memory and network usage. I don’t know a single tech or admin that doesn’t use it close to daily.

However, it sometimes surprises me how many techies don’t know some of the more advanced features of Task Manager. Some of these features may not get used so often, but they can REALLY help a troubleshooting scenario. So I figured I’d cover some of them here in case anyone’s interested.

The first feature I’d like to mention is known as “Go to process”. This feature is accessed from the application, and can be very useful if you have a hung application which won’t shut down when you select “End task”. Right-clicking on the application and selecting “Go to process” switches you over to the Processes tab and automatically selects the process that’s being run by the app so you can end the process. This is very useful for applications that run under unusual or generic process names, or in cases where you run multiple instances of an app such as MMC consoles (I usually run bunches of these) and you need to know which instance of mmc.exe you need to close.

Another common scenario I witness is a tech or admin that’s looking at the Performance tab to see how much memory is being used and then looks at the Processes tab to determine which processes are consuming the amount of memory that task manager reports being used. Often this leaves them stumped because the amount of memory shown in use seems far greater than the total memory shown used by various processes.

While most admins know to check the “Show processes from all users” check box to show all the processes run on the machine, many fail to realize that the numbers in the “Mem usage” column only show the amount of physical RAM used. In the Performance tab both physical and virtual memory usage are shown, which can be confusing. To get a clearer picture of the total memory being used by a process (both physical and virtual) you can simply go to “View” and “Select columns”, then check “Virtual memory size”. This will let you know how much of the pagefile any given process is using. I’ve found that certain apps like virus or spyware checkers can hog up massive amounts of virtual memory while consuming relatively little physical memory.

There are many other options you can select under the “Select columns” option, such as “CPU time”, “Page Faults”, “Thread count”, etc. Many of these can be incredibly useful in various troubleshooting scenarios, but Virtual memory size is by far my favorite and I sometimes wonder why it’s not selected by default.
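The same comparison from the command line, as an added PowerShell example that is not part of the original post. It assumes that `WorkingSet64` stands in for the “Mem usage” column and `PagedMemorySize64` for “Virtual memory size”; the function name `Get-ProcessMemoryView` is made up for illustration.

```powershell
# Added example (not from the original post).
# Assumption: WorkingSet64 ~ "Mem usage", PagedMemorySize64 ~ "Virtual memory size".
function Get-ProcessMemoryView {
    param([int]$Top = 15)

    Get-Process |
        Select-Object ProcessName, Id,
            @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) } },
            @{ Name = 'PagedMB';      Expression = { [math]::Round($_.PagedMemorySize64 / 1MB, 1) } },
            @{ Name = 'PagedToWS';    Expression = {
                # Ratio well above 1: far more pagefile-backed memory than resident RAM.
                if ($_.WorkingSet64 -gt 0) {
                    [math]::Round($_.PagedMemorySize64 / $_.WorkingSet64, 1)
                }
            } } |
        Sort-Object PagedMB -Descending |
        Select-Object -First $Top
}

# Per-process view, largest pagefile-backed allocations first.
Get-ProcessMemoryView | Format-Table -AutoSize

# Totals across all visible processes: the two sums differ, which is why adding up
# the "Mem usage" column alone does not match the figure on the Performance tab.
$all     = Get-Process
$wsSum   = ($all | Measure-Object -Property WorkingSet64 -Sum).Sum
$pagedSum = ($all | Measure-Object -Property PagedMemorySize64 -Sum).Sum
'{0:N0} MB working set, {1:N0} MB pagefile-backed' -f ($wsSum / 1MB), ($pagedSum / 1MB)
```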

The last feature I’ve learned to love in certain situations is “New task”. This feature pretty much duplicates the normal “Start – Run” that all techs should be familiar with. The reason I mention this feature is that it can often be used in cases where you just can’t get to the Start button. Most often this is the case when there’s a problem with explorer.exe, say your Windows GUI has become unstable or non-responsive, but you can still access Task Manager. In this case I’ve found that killing the explorer.exe process through Task Manager will often correct the problem, but will leave you without a Start button or taskbar, which of course can be very problematic. Using Task Manager’s “New Task” feature to restart explorer.exe will bring everything back to normal and save you the hassle of rebooting the system.

These were a few of my favorite Task Manager tricks. Anyone else have any they would like to share? Comments and questions always appreciated.
