Sysinternals Tools — Process Explorer and Process Monitor
On Windows platform, there are times when one has to troubleshoot problems related to file access, registry access, locks, CPU usage, memory usage etc. You can only go so far with the in-built Task Manager.
These free tools have existed in developers tool-belt for decades. Microsoft had acquired company behind these tools and made available for download at the link above. If you are debugging issues in your application, in the areas mentioned above, then I suggest you give these invaluable tools a try.
Process Explorer
This is super-charged Task Manager! It monitors all running process and displays files, registry keys and thread loaded by each of these.
Some common troubleshooting tasks where Process Explorer can be used are:
- From where is your app loading a specific dependent files?
- What arguments, environment variable like PATH, is your application ‘seeing’?
- What child process or parent process are launched with your application?
- What is the memory, CPU, disk and network usage of your application?
- Which process is locking file which you are trying to delete?
When you launch, you will see all the process hierarchically listed as below. You can click on the ‘Process’ column to see non-hierarchical, order list of all process names. If the lower pane is not visible, choose menu View->Lower Pane View->DLL or Handles.
If you have launched tool as ‘non-administrator’, you will not be able to view details of all process. Choose File->Show Details from All Processes to relaunch the tool as ‘administrator’. Also to view process from all users, choose View->Show Process From All User.
Double-click on any process to see various properties of it. Right-click on process to see various actions that you can take on it including killing it.
Similarly in the lower pane you can right-click on any DLL or handle and view it properties.
Use the Find menu to search for any DLL or handle. Result will show each item that satisfies the search criteria, even when you use partial names.
What more! If you became a fan of this tool, you can replace it for actual Task Manager! And revert back to Windows Task Manager when needed. Choose Options->Replace Task Manager.
Download the tool from here. You will also find more references at this link.
Process Monitor
This monitors and logs all the processes in the systems. Unlike Process Monitor which shows current state, Process Monitor logs can be used to see what file, registry, network and thread activities did the process attempt and whether it was successful or not.
One of the common troubleshooting task this tools helps to investigate is the ‘Access Denied’ event on file or registry.
Since the tools logs all the events, the interface can get flooded with millions of events very quickly. There are exhaustive filters that can be applied to capture only the relevant events. Some common filters that can be applied are: monitor specific process, monitor only file activity, monitor only non-SUCCESS activity.
You can set filters using menu ‘Filters’.
You can also easily build the filters by right-clicking on a specific column value in the log list and right-click and choose ‘Exclude’ or ‘Include’.
Another neat feature is being able to highlight rows with specific conditions (Menu Filter->Highlights…)
If required, you could save the captured events to a file and load it for later analysis.
Download the tool from here. You will also find more references at this link.
Additional Video References:
Windows Sysinternals Primer: Process Explorer, Process Monitor, and More
Explore Sysinternals primer — Ignite 2016 edition (Process Monitor demo starts at 26 minutes)
