Windows SYSInternals Process Explorer 15.04

If you’ve ever had a problem with your computer, perhaps it’s running slowly or a strange, new program has appeared which you don’t recall installing etc, and a search of computer help forums suggests you open Task Manager to see what programs, or processes in particular, are running, you might well be bemused at exactly what you are looking at.

Task Manager, which monitors what the computer is doing at any time, can be opened by right-clicking on the taskbar and lists any open applications (that is the programs you are actually running); it also monitors system performance (CPU and PageFile usage), network performance etc, and what processes are running. You might be surprised to discover that, even when you aren’t running any applications of your own, there are lots of things going on in the background.

Although there may be many entries in the Task Manager Processes list, apart from the process name and the CPU and memory each is currently using, there’s little other helpful information, and unless you actually know what they all mean, you’re unlikely to find the list particularly helpful.

As you can see from the picture above, there are over 50 processes beavering away on my computer, including several processes relating to some applications I’ve got running, such as GOM Media Player, this Word Processor, a messenger chat program etc. There are also a lot of processes running which have nothing to do with my applications, such as svchost.exe and BCUService.exe, along with ctfmon, spoolsv, rundll32, smss and csrss, amongst others; in fact, svchost, a generic term for a process which hosts a Service, appears several times in the list.

As you can see, Task Manager can help you to a basic degree by showing you what your computer is doing; however, it would be much more helpful to know the specific services which are currently running and what programs those strange process names actually relate to, from which you can determine whether they’re benign, malicious or even necessary.

Microsoft Windows Sysinternals is a collection of utilities (which have been around for some time but aren’t particularly well known) for monitoring and diagnosing Windows problems, one of which is Process Explorer.

Process Explorer is very similar to Task Manager; it includes many of the same features such as logged on Users, monitors for memory and CPU usage etc, but it also includes a much more detailed process list.

The program, which is entirely free, is only 1.5 MB including a detailed help file, and is available for download, or it can be run directly from Live.Sysinternals.com; the program does not need to be installed, but runs directly from the executable. This is particularly handy if, perhaps, you want to run the program from a portable drive on a friend’s computer in order to monitor their system. (Why don’t all programs work this way?)

What’s immediately apparent from the picture above is that considerably more information is listed for each of the processes in Process Explorer than in Task Manager; the colour coding of each entry, which is customizable, also helps to distinguish each type of process running. By default, the customizable information columns list the Process ID, CPU usage, memory usage, a description of the process and the process’s publisher.

You probably know that, as shown in Task Manager, svchost.exe is the generic name of the host process in which a service runs; however, Task Manager gives little more information as to exactly what is being hosted.

The picture above shows the information detailed in Process Explorer when the mouse pointer is hovered over each task. As you can see, the highlighted svchost.exe is actually hosting almost thirty different services.
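The same process-to-service mapping can be pulled from a PowerShell prompt. The script below is an added example, not part of the original article or of Process Explorer itself; it uses the built-in Win32_Process and Win32_Service CIM classes, and it assumes that a genuine svchost.exe runs from System32 or SysWOW64 under the Windows directory.

```powershell
# Added example: list every svchost.exe instance with the services it hosts.
# Assumption: a genuine svchost.exe lives in System32 (or SysWOW64) under
# the Windows directory; anything else is only flagged for a closer look.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$byPid = Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString
if (-not $byPid) { $byPid = @{} }

Get-CimInstance -ClassName Win32_Process -Filter "Name='svchost.exe'" |
    ForEach-Object {
        $key    = [string]$_.ProcessId
        $hosted = if ($byPid.ContainsKey($key)) { @($byPid[$key]) } else { @() }

        # ExecutablePath is empty when the current user may not query the
        # process, so an empty value means "unknown", not "suspicious".
        $path  = $_.ExecutablePath
        $check = if (-not $path) {
            'unknown (run elevated)'
        } elseif ($expected -contains $path) {
            'ok'
        } else {
            'unexpected location'
        }

        [pscustomobject]@{
            PID      = $_.ProcessId
            Count    = $hosted.Count
            Services = ($hosted.Name | Sort-Object) -join ', '
            Path     = $path
            Check    = $check
        }
    } |
    Sort-Object -Property PID |
    Format-Table -AutoSize -Wrap
```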

Double-clicking on the entry opens a window in which you can dynamically monitor, in detail, exactly what is going on with that process, and stop or restart it etc, for debugging purposes.

The last feature I want to mention here is the System Resources Monitor, which is represented in miniature along the top of the main screen, but which can be opened in a window as in the above picture, and graphically monitors, in real time, CPU and Memory usage etc.

The list of features is too long to go through individually, and many of the more powerful options probably wouldn’t be necessary to many users, but I would imagine that anyone who has ever had occasion to open Task Manager for any reason would find it very helpful. There’s even an option on the program’s menu to replace the original Task Manager entirely, which is helpful, especially as Process Explorer is probably what Task Manager should have been in the first place.

PiAnt

2 Comments on "Windows SYSInternals Process Explorer 15.04"

  1. Lateisha says:

    Play informative for me, Mr. internet writer.

  2. adumpaul says:

    Nice article. Thank you.
