This is a continuation of my previous posting (Using Process Explorer to tame svchost.exe - Advanced topics) which introduced the excellent Process Explorer program, a souped-up version of Task Manager. According to the author, "Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 and IA64 processors, and Windows Vista." And, it's free.
When a computer is running slow, people sometimes guess at the underlying problem. An experienced Process Explorer user doesn't have to guess.
As computers go, the one in the picture is pretty boring: it's a Windows XP virtual machine with next to nothing installed. Chances are, a similar display on your computer will reveal two or three times as many processes.
The Process Explorer window is extremely configurable; the next posting will cover installing and configuring the program. The screen shot shows eight data fields, the ones I find most useful. I also like to include I/O counts but left them out here for space reasons. This is one application that really benefits from a wide screen display.
The columns in the middle are what first attracted me to Process Explorer - the description of the process, the name of the company that created the process and, most importantly, the executable file running in the process. Just knowing the directory that a program is running out of has been useful in and of itself. The CPU History column is also vital, with spikes of green showing processes consuming large amounts of the processor over the last few minutes.
To get information on a running process in Process Explorer, double click on the process name. This opens a properties window (see below) with nine tabs.
Earlier I noted the difficulty in pinpointing a performance problem to a Windows service* running inside an instance of the svchost.exe process. This is because Process Explorer breaks down processes by thread rather than by service. Even when a process hosts a single service, there can be multiple threads. But all is not lost.
Go to the Threads tab, expand the CPU column and click on the column heading to sort the list of threads by their current CPU usage.
To see more information about a thread, highlight it and click on the Module button just below the list of threads. This displays the properties of the file underlying the thread (see below). The properties window opens in the General tab; go to the Version tab. This isn't foolproof, but you may get lucky, as in the example below, where the file/module is obviously the DNS Caching Resolver Service.
Another useful tab is Services, which, as you can see below, provides information on the services, if any, running inside the target process.
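The same process-to-service mapping that the Services tab shows can be pulled for every svchost.exe instance at once. The PowerShell below is an added example, not part of the original post or of Process Explorer. It assumes PowerShell 3.0 or later and an elevated prompt, and it lists each svchost.exe instance with its executable path and hosted services, sorted by accumulated CPU time.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0+.
# Run elevated: without admin rights, CPU time and Path are empty for some instances.

# Index running services by the ID of the process that hosts them.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'") {
    $key = [int]$svc.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $svc
}

# One row per svchost.exe instance.
$report = foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    $hosted = @($servicesByPid[$proc.Id])        # empty if no service maps to this PID
    [pscustomobject]@{
        PID        = $proc.Id
        # CPU is total processor time in seconds since the process started,
        # not the instantaneous percentage that Process Explorer graphs.
        CpuSeconds = if ($null -ne $proc.CPU) { [math]::Round($proc.CPU, 1) } else { $null }
        Threads    = $proc.Threads.Count
        Path       = $proc.Path                  # directory the executable runs from
        Services   = ($hosted | Where-Object { $_ } | ForEach-Object { $_.Name }) -join ', '
    }
}

# Busiest instances first; wrap long service lists instead of truncating them.
$report | Sort-Object -Property CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

An instance that hosts a single service points straight at the culprit; for one hosting several, the Threads tab and Module button described above are still needed to narrow it down.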
Sometimes a necessary program on your computer can get in the way. If, for example, you're facing a deadline and the computer is running a full hard disk scan, it may become so slow as to interfere with your work. Such was the problem Peter Butler faced. While your knee-jerk reaction may be to cancel the interfering software, on a corporate computer this can be problematic. Process Explorer offers a couple of less intrusive options - it can slow down or freeze a program in its tracks.
Slowing down a running program/process is something Task Manager can also do. In both Task Manager (from the Processes tab) and Process Explorer, right click on the name of the process and select "Set priority" from the pop-up menu (see below). The default priority is "Normal"; changing it to "Below Normal" lowers the priority one notch. Changing it to "Low" (in Task Manager) or "Idle" (in Process Explorer) lowers it two notches, and should let you get your work done with a minimum of interference.
Freezing a process is something Task Manager cannot do. In Process Explorer click on "Suspend" after right clicking on the process name. By default, Process Explorer displays suspended processes as dark gray. If a suspended process was running a visible application, the application window can't be minimized, resized or even re-painted when another window covers it up. To resume the application, right click on the process name again and select "Resume".
There is one caveat, however: some processes do not allow their priority to be changed. I don't know a way around that.
Next time, installing and configuring Process Explorer.