Monday, March 16, 2009

Process Explorer: What's sucking the life from my XP box?

My corporate XP box wanders off into the twilight zone several times a day.

Standard XP activity and performance monitoring tools like the System Monitor plug-in for Microsoft's Management Console tell me there's big time disk I/O going on, but not why. Suspects include antiviral software (which doesn't scale to modern TB drives), automated backup systems, corporate monitoring software, Windows Search, etc, etc.

An informed colleague tells me Microsoft's free Process Explorer is the key to digging deeper ...

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work...

No comments: