Windows optimize

Identify and get detailed information about processes in Windows 7

Greg Shultz shows you how to use Windows Task Manager to track down detailed information about any process running in Microsoft Windows 7.

In my October 5 blog post, "Investigate Memory Usage with Windows 7 Resource Monitor," I showed you how to use the detailed information displayed in Microsoft Windows 7 Resource Monitor to investigate memory usage. I went into quite a bit of detail while describing the Processes table on the Memory tab. As I mentioned, the Image column shows the process's executable file name, and the processes that represent applications are easy to identify. For example, it's obvious that the notepad.exe process corresponds to Notepad. However, not all processes are as easy to figure out.

Since that blog was published, I have received numerous questions from readers wanting to know how to go about identifying those processes with executable file names that are not as easy to identify. Fortunately, there is a way to learn a great deal about any and all processes in Windows 7. However, you have to switch over to Windows Task Manager to make it happen.

In this edition of the Windows Desktop Report, I'll show you how to use Windows Task Manager to track down detailed information about any process running in Windows 7.

This blog post is also available in PDF format in a TechRepublic download.

Launching Task Manager

There are several ways that you can access Windows Task Manager in Windows 7. Of course, you can right-click on the Taskbar and select Start Task Manager from the context menu or you can press [Ctrl]+[Shift]+[Esc]. You can also call up Task Manager by launching its executable file. To do that, just click the Start button, type taskmgr in the Start Search box, and press [Enter].

Once Windows Task Manager is up and running, select the Processes tab.

The Description column

When you access the Processes tab, take a closer look at the columns, and you'll notice the Description column. As you can see in Figure A, this column provides a fairly detailed description for each process.

Figure A

The Description column provides very useful information for identifying processes.

Select Process Page Columns

If you want more detailed information than is displayed in the Description column, you can pull down the View menu and choose the Select Columns command to reveal the Select Process Page Columns dialog box, shown in Figure B. You can then get more descriptive detail by adding other columns such as the Image Path Name, which shows the full path to the file behind the running process, or the Command Line setting, which shows the full command line, including the parameters or switches used to launch the process.

Figure B

You can get even more detailed information by adding the Image Path Name and Command Line columns to the Processes tab.

In addition to these two items that will help you identify a process, you can see that there are a number of other columns you can add to the Processes tab. These can also provide you with all sorts of information that can be used in conjunction with the information provided by Windows 7's Resource Monitor.

As you can see, the Select Process Page Columns dialog box contains 30 items, and describing them all here is beyond the scope of this article. However, you can check out the What Do the Task Manager Memory Columns Mean? page on Microsoft's Windows site to find out what information each reveals.

Open File Location

In addition to adding the Image Path Name and Command Line columns to the Processes tab, you can right-click on a process and select the Open File Location command. When you do, Windows Explorer will open that folder so that you can see all the other files associated with the process. For example, I right-clicked on the hqtray.exe and selected the Open File Location, and Windows Explorer opened the VMware Player folder, as shown in Figure C.

Figure C

Using the Open File Location command reveals the folder in Windows Explorer.

Properties

Other information about a process can be gleaned by right-clicking on a process and selecting the Properties command. Doing so opens the file's standard Properties dialog box. You can then select the Details tab, as shown in Figure D.

Figure D

On the Properties tab you can find more detailed information about a process.

Using Tasklist

If the process you are interested in learning more about is listed as Svchost.exe, you can use the Tasklist command-line tool. To begin with, Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). To learn which services are running in a Svchost.exe process, open a Command Prompt and use the command

Tasklist /svc /fo list

When you do, you'll see a list of all the currently running processes. Just scroll through the list and look for the Svchost.exe processes, and you'll see a list of all the services that are running under it, as shown in Figure E.

Figure E

The Tasklist command will show you what services are running under a Svchost process.
Once you have identified the services, take note of the PID (Process Identifier) number of the Svchost.exe process. Then, return to Windows Task Manager and select the Services tab. Now, select the PID column header to sort the list by PID number. At this point, locate the PID number you noted and check the Description column for more information, as shown in Figure F.

Figure F

With the PID number, you can track down the Description on the Services tab.

Unfortunately, the information is pretty basic, but at least you will have a better understanding of what is happening behind a Svchost process.

What's your take?

Have you used Windows Task Manager's features to track down details of running processes? If so, what has been your experience? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

15 comments
flotsam70
flotsam70

+1 for Sysinternals Process Explorer and its advanced features. That said, it is nice to know that task manager now includes an image path column (conspicuously absent from XP's task manager).

mikeskid
mikeskid

When I type Tasklist /svc /fo list in start/search programs and files, the list pops up and immediately disappears. What am I doing wrong? I appreciate any help,. OOPS!!! NEVERMIND. I needed to open a command line.

Rodo1
Rodo1

...is Process Explorer from SysInternals by Mark Russinovich. I am assuming it works for Win 7; I use it in XP. It has all the features of Task Manager and much more. Edit: I'll make it easy for you. Mark's tools (there are many others) can be found here: http://technet.microsoft.com/en-us/sysinternals/default.aspx

robert.johnson2
robert.johnson2

If you want to see what services are actually being run under the auspices of the svchost.exe instance, right click and select "Go to service(s)" in Task Manager. This will jump to the services tab of Windows Task Manager and show which actual services are running under that svchost instance.

mgmorgan01
mgmorgan01

Right, pretty basic. Perhaps next article could be what columns to select and why.

Mark W. Kaelin
Mark W. Kaelin

Are you currently troubleshooting a Windows 7 problem? Did it involve a particular process?

Greg Shultz
Greg Shultz

...Windows XP's Windows Task Manager doesn't provide the same level of features.

Cuffy10
Cuffy10

If you use Sysinternals you may be interested in WSCC? It adds Nirsoft tools to Sysinternal tools in a UI or control panel. Pretty neat! Keeps a lot of tools in one bucket. http://www.kls-soft.com/wscc/index.php

Greg Shultz
Greg Shultz

I forgot to mention that technique! I still like using the command line alot and got carried away... I apologize for any inconvenience by not mentioning the simpler technique. However, using the Tasklist /svc /fo list is still a valid method and one that Windows XP users can take advantage of when it comes to identifying services running under an instance of svchost. Plus, it just goes to show you that there is usually more than one way to do things in Windows.

MasterTech
MasterTech

This is a great site for all things technical.

Davlas
Davlas

Just to note for the article that "Show processes from all users" on the process tab must be selected/clicked before "Go to Process" on the service tab will work correctly. -dave

johncymru
johncymru

Cheers, as I only need it for personal use, i.e. it remains free, I will have to give it a try. Though to be fair, for anyone who really needs the save priority feature, $19.95 isn't a lot to pay.