Greg Shultz shows you how to use Windows Task Manager to track down detailed information about any process running in Microsoft Windows 7.
In my October 5 blog post, "Investigate Memory Usage with Windows 7 Resource Monitor," I showed you how to use the detailed information displayed in Microsoft Windows 7 Resource Monitor to investigate memory usage. I went into quite a bit of detail while describing the Processes table on the Memory tab. As I mentioned, the Image column shows the process's executable file name, and the processes that represent applications are easy to identify. For example, it's obvious that the notepad.exe process corresponds to Notepad. However, not all processes are as easy to figure out.
Since that blog was published, I have received numerous questions from readers wanting to know how to go about identifying those processes with executable file names that are not as easy to identify. Fortunately, there is a way to learn a great deal about any and all processes in Windows 7. However, you have to switch over to Windows Task Manager to make it happen.
In this edition of the Windows Desktop Report, I'll show you how to use Windows Task Manager to track down detailed information about any process running in Windows 7.
This blog post is also available in PDF format in a TechRepublic download.
Launching Task Manager
There are several ways that you can access Windows Task Manager in Windows 7. Of course, you can right-click on the Taskbar and select Start Task Manager from the context menu or you can press [Ctrl]+[Shift]+[Esc]. You can also call up Task Manager by launching its executable file. To do that, just click the Start button, type taskmgr in the Start Search box, and press [Enter].
Once Windows Task Manager is up and running, select the Processes tab.
The Description columnWhen you access the Processes tab, take a closer look at the columns, and you'll notice the Description column. As you can see in Figure A, this column provides a fairly detailed description for each process.
The Description column provides very useful information for identifying processes.
Select Process Page ColumnsIf you want more detailed information than is displayed in the Description column, you can pull down the View menu and choose the Select Columns command to reveal the Select Process Page Columns dialog box, shown in Figure B. You can then get more descriptive detail by adding other columns such as the Image Path Name, which shows the full path to the file behind the running process, or the Command Line setting, which shows the full command line, including the parameters or switches used to launch the process.
You can get even more detailed information by adding the Image Path Name and Command Line columns to the Processes tab.
In addition to these two items that will help you identify a process, you can see that there are a number of other columns you can add to the Processes tab. These can also provide you with all sorts of information that can be used in conjunction with the information provided by Windows 7's Resource Monitor.
As you can see, the Select Process Page Columns dialog box contains 30 items, and describing them all here is beyond the scope of this article. However, you can check out the What Do the Task Manager Memory Columns Mean? page on Microsoft's Windows site to find out what information each reveals.
Open File LocationIn addition to adding the Image Path Name and Command Line columns to the Processes tab, you can right-click on a process and select the Open File Location command. When you do, Windows Explorer will open that folder so that you can see all the other files associated with the process. For example, I right-clicked on the hqtray.exe and selected the Open File Location, and Windows Explorer opened the VMware Player folder, as shown in Figure C.
Using the Open File Location command reveals the folder in Windows Explorer.
PropertiesOther information about a process can be gleaned by right-clicking on a process and selecting the Properties command. Doing so opens the file's standard Properties dialog box. You can then select the Details tab, as shown in Figure D.
On the Properties tab you can find more detailed information about a process.
If the process you are interested in learning more about is listed as Svchost.exe, you can use the Tasklist command-line tool. To begin with, Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). To learn which services are running in a Svchost.exe process, open a Command Prompt and use the command
Tasklist /svc /fo listWhen you do, you'll see a list of all the currently running processes. Just scroll through the list and look for the Svchost.exe processes, and you'll see a list of all the services that are running under it, as shown in Figure E.
The Tasklist command will show you what services are running under a Svchost process.Once you have identified the services, take note of the PID (Process Identifier) number of the Svchost.exe process. Then, return to Windows Task Manager and select the Services tab. Now, select the PID column header to sort the list by PID number. At this point, locate the PID number you noted and check the Description column for more information, as shown in Figure F.
With the PID number, you can track down the Description on the Services tab.
Unfortunately, the information is pretty basic, but at least you will have a better understanding of what is happening behind a Svchost process.
What's your take?
Have you used Windows Task Manager's features to track down details of running processes? If so, what has been your experience? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!