If you’ve been around Windows for a while, you’re already familiar with the work of Mark Russinovich and Bryce Cogswell at http://www.sysinternals.com. Among the finest tools they offer are: Regmon for monitoring reads and writes to the registry; Handle for listing open handles on the system; ListDLLs for listing all loaded DLLs and their paths; and my favorite, Process Explorer.
Choosing a favorite tool from these guys isn’t easy. Your idea of favorite changes with the nature of the problem you’re chasing; but Process Explorer is often used in conjunction with their other utilities, and you’ll often find that you start the job of troubleshooting using Process Explorer.
Let’s take a look.
When Process Explorer starts, it’s usually missing a couple of handy settings, so we’ll get started by turning those features on. First, let’s bring a couple of new columns into the top pane. Click the View menu and click Select Columns.
Choose to turn on the Window Title and Image Path columns.
This will allow you to identify the Window and the path from which that Window is executing.
Next, we want to turn on the lower pane of the window. Click View > Lower Pane View > DLLs. This will allow you to view all the DLL files loaded by the particular process highlighted in the top pane.
Here’s a quick hint: you can switch from DLL view to Handles by pressing Ctrl + H. You can switch back again by pressing Ctrl + D.
Notice that Process Explorer also shows a running graph in its toolbar of the current system performance. If you let your mouse hover over a spot in the graph, Process Explorer will reveal which process was being watched at that moment and how much of the system it was using.
As I’m writing this I don’t have any problems to solve; but if I did have a problem, I’d be able to load the Windows XP Debugging Symbols and connect a debugger to any process shown. I can also amuse myself by exposing little bits of vendor shame. For example, we all know Microsoft and we all know they ‘bet the company’ on .Net. It tickles me to no end to discover that Microsoft Anti-Spyware Beta, a product from Giant Software (a company Microsoft bought), is written in good old Visual Basic. Don’t believe it? Select gcasDTServe.exe from the process list. Right-click it and choose Properties.
Click the Threads tab. What’s this? MSVBVM6.dll is loaded? For a service? For a modern Microsoft app?
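The two things the post has you do by hand, reading Window Title and Image Path for each process and then looking through the lower-pane DLL view for a particular module, can also be done from PowerShell against the same System.Diagnostics.Process objects that Process Explorer reads. This is an added example, not code from the original post or from Sysinternals; it assumes PowerShell on Windows, and reading the module list of processes owned by other users or SYSTEM requires an elevated prompt. The default search pattern covers the VB6 runtime, whose real file name is msvbvm60.dll (the post writes it as MSVBVM6.dll).

```powershell
# Added example (not from the original post or from Sysinternals).
# Assumes: PowerShell on Windows; elevation to read modules of other users' processes.

function Get-ProcessImageInfo {
    # One row per process: the top-pane columns the post turns on (Window Title, Image Path).
    Get-Process | ForEach-Object {
        [pscustomobject]@{
            Id          = $_.Id
            Name        = $_.ProcessName
            WindowTitle = $_.MainWindowTitle
            ImagePath   = $_.Path        # $null when access is denied or for kernel-backed processes
        }
    }
}

function Get-LoadedModules {
    # Equivalent of the lower-pane DLL view for one process: every module and where it was loaded from.
    param([Parameter(Mandatory)][int]$Id)
    $proc = Get-Process -Id $Id
    try {
        $proc.Modules | ForEach-Object {
            [pscustomobject]@{ Module = $_.ModuleName; Path = $_.FileName }
        }
    } catch {
        # Protected processes and other sessions refuse module enumeration; report rather than fail.
        Write-Warning "Cannot read modules of PID $Id ($($proc.ProcessName)): $($_.Exception.Message)"
    }
}

function Find-ProcessesLoadingModule {
    # Which processes have a module matching -Pattern loaded?  The default matches the
    # VB6 runtime (msvbvm60.dll), which is the check the post does by hand in Properties.
    param([string]$Pattern = 'msvbvm6*')
    foreach ($proc in Get-Process) {
        $mods = $null
        try { $mods = $proc.Modules } catch { continue }   # skip processes we cannot inspect
        $hit = $mods | Where-Object { $_.ModuleName -like $Pattern }
        if ($hit) {
            [pscustomobject]@{
                Id        = $proc.Id
                Name      = $proc.ProcessName
                ImagePath = $proc.Path
                Module    = ($hit | Select-Object -First 1).FileName
            }
        }
    }
}

# Usage:
# Get-ProcessImageInfo | Where-Object WindowTitle | Format-Table -AutoSize
# Get-LoadedModules -Id $PID | Format-Table -AutoSize      # the current PowerShell process
# Find-ProcessesLoadingModule | Format-Table -AutoSize     # or -Pattern 'some*.dll'
```

Process Explorer still shows things this cannot (handles, thread start addresses, the live CPU graph), but the module path column is the same information the DLL view gives, and the pattern search is a quick way to answer "which processes have this DLL loaded" across the whole machine rather than one process at a time.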
Obviously, there are a lot of things you can do with Process Explorer and all of them are quite handy when you’re in the middle of that tough troubleshooting session. The fellows at SysInternals have also been quite thoughtful about the footprint and portability of their tools. None of the utilities require installation and all are small enough to fit on almost any media type. The complete collection of system utilities consumes a meager 9 megabytes of my hard disk!
Go get a copy of Process Explorer today and learn how to use it. I’m sure you’ll agree this is one of the most intuitive and useful troubleshooting tools you’ll find for Microsoft Windows and its applications!