If you want to understand what's really going on with the programs on your computer, then look no further than Microsoft's excellent (and free) Process Explorer. Think of it as the "Task Manager on steroids", with the ability to show all processes, threads, handles, and of course, Windows Services running on your PC.

When launched, Process Explorer shows a colorful tree of all the active processes. The interface automatically refreshes itself every few seconds to highlight processes as they come and go. All Windows Services run under the wininit.exe > services.exe branch:

Double-clicking an entry allows you to dig into a specific process. For example, here is what is shown for spoolsv.exe, the Windows Print Spooler:

You can start, stop, restart or even change the permissions of the Spooler service from the Services tab:

Back on Process Explorer's main screen, summon the Lower Pane (View > Show Lower Pane) for some serious detective work. You can review all DLLs loaded, or even better, see all the files, registry keys and other objects locked by a process by viewing Handles for the lower pane (View > Lower Pane View > Handles). Here we see that iTunes (being run as a service with AlwaysUp) is using the "counters.dat" file:

And perhaps most useful of all, Process Explorer can help you track down which application is preventing you from deleting a file or folder! Choose Find > Find Handle or DLL… and search for the file by name. Here we can see that the counters.dat file used by iTunes is also being held by Explorer and QuickBooks:

Process Explorer has many other interesting features. Easily terminate any process (and all its sub-processes if necessary), boost the priority of any process to make it run faster, and much more.

The folks at Sysinternals produce some high-quality and very useful Windows tools. Another tip talks about their Process Explorer, so I thought I'd introduce you to their Process Monitor tool. Process Monitor is great for monitoring all the activity that goes on for all the processes on your system. In fact, its default configuration makes it too good because you are quickly overwhelmed by how much data gets presented to you. Don't worry, though: you'll learn how to filter the data so that you can home in on exactly what you want to monitor without being overwhelmed with data you don't care about.

With Process Monitor, you can capture process details, including image path, command line, user and session ID; configure the GUI to have it present whatever columns are of interest; set include/exclude filters for any data field, even those whose columns are not displayed; and much more. Personally, I use it the most when I want to track activity on a particular file or track exactly what a certain process is doing.

The best way to understand Process Monitor is to actually use it, so the first thing to do is to download it from their site: exe file that can be run either from the command line or from Windows Explorer. The first time you launch it, you're presented with an agreement that you should click to agree with. From then on, you'll be able to run it without seeing that initial screen.

The screen for Process Monitor is displayed below. (See Figure 1.) By default, as soon as it comes up Process Monitor starts scrolling thousands of lines of data about the activities going on with most of the processes on your system. The columns that are displayed are configurable.