9/15/2010

Get IT Done: Script helps identify proc…

TechRepublic : A ZDNet Tech Community

Get IT Done: Script helps identify processes displayed by Windows Task Manager
by Greg Shultz | May 19, 2003 7:00:00 AM
Tags: Using Task Manager, Get IT Done, Greg Shultz, Task Manager, Processes Tab..., Microsoft Windows
Takeaway: Download Windows XP Processes Explorer script to identify running processes

If you're like most IT pros, chances are that you occasionally turn to Task Manager when troubleshooting a problem in Windows 2000 or Windows XP. When you launch Task Manager, it normally opens to the Applications tab, which gives detailed information about the programs and processes on your system. However, when you switch to the Processes tab, you’ll see that there are many more processes running than there are applications.

Some of the processes are easy to identify—especially if they represent an application. For example, it’s easy to tell that the notepad.exe process corresponds to Notepad. However, other processes, such as Lsass.exe or svchost.exe, are much more difficult to identify, with some corresponding to portions of the operating system while others correspond to applications or utilities that run in the background.

Wouldn’t it be nice if you could point to a process on Task Manager’s Processes tab and simply click a button to reveal the identity of the process? Unfortunately, that’s not the way Task Manager was designed. If you want to identify a process, you’re left to a manual operation that involves either tracking down the process’s actual executable file and investigating its properties dialog box or using the Services tool.

Having found that the former manual operation usually produces good results, I decided that it was high time that I sat down and developed a script with VBScript and Windows Script Host that would automate the gathering of information from the properties dialog box. Furthermore, I really wanted to experiment with using data from Windows XP’s new WMIC (Windows Management Information Command-line) tool in scripts. WMIC can provide you with a lot of details on running processes—it doesn’t identify them, however.

In this Daily Drill Down, I’ll show you several sources that you can use to go about identifying the processes that Task Manager displays on the Processes tab. I’ll then introduce you to my Process Explorer script and show you how you can use it to identify processes. Along the way, I’ll provide you with information about some of the standard processes you’re likely to encounter as well as tips on how to determine which processes can be safely stopped to solve problems or free up system resources.

Download the Windows XP Processes Explorer script

You can download the Windows XP Processes Explorer script by following this link or clicking on the Downloads link in the navigation bar on the left of this page.
…com.com/5100-10878_11-5034794.… 1/9

Using Task Manager’s Go To Process command

Before we get started with some of the more elaborate means of identifying processes, let’s start at the beginning and look at a feature built into Task Manager that can, on a basic level, help you identify processes associated with running applications. When you’re looking at the Applications tab, you can right-click on any application, or task, to bring up a context menu that contains a command titled Go To Process, as shown in Figure A.

Figure A: Using the Go To Process command will help you to identify processes associated with running applications.

When you select this command, Task Manager immediately switches to the Processes tab and highlights the main process that corresponds to that application. Once you’ve linked a process to an application, you can return to the application and shut it down as you normally would. You can then check the Processes tab to make sure that the process associated with that application has shut down as well.

Keeping track of multiples

As you’re using the Go To Process method of tracking down processes, keep in mind that some applications spawn multiple processes. For example, if you’re running Windows XP and launch the Help and Support Center, Task Manager highlights the Helpctr.exe process when you right-click on the corresponding task on the Applications tab and select the Go To Process command. However, launching the Help and Support Center also launches another process called Helpsvc.exe. And, if you use the Help and Support Center’s Search feature, another process called HelpHost.exe is launched.

Another thing to keep in mind is that more than one task on the Applications tab can be linked to a single process. For example, if you’re using Outlook as your e-mail client and have several messages open, you’ll see a task for each message as well as for the main program. If you use the Go To Process command on any of these tasks, they’ll all point back to a single process—Outlook.exe.

Using the process file’s properties

While Task Manager provides you with a method for identifying processes associated with applications, there’s no built-in method for identifying processes associated with the operating system or other utilities that run in the background or even on the notification area of the taskbar. To identify these files, you’re left to a manual procedure.

To perform the manual procedure, you begin by launching the Search tool and searching for the executable filename of the process you’re interested in identifying. Once Search locates the file, you’ll right-click on the file and select the Properties command. When you see the Properties dialog box, select the Version tab. There you’ll find all sorts of information that can help you to identify the process.

For example, Figure B shows the Properties dialog box for the Smss.exe process.

Figure B: Using the version tab of a file’s Properties dialog box, you can learn a lot about a file that is listed as a process.

Right off the bat, you can tell that this is an operating system file (according to the Description field near the top of the tab), which identifies Smss.exe as the Windows NT Session Manager. In the Other Version Information section, you can select the various Item Names to find out more about the file. As you can see, in this case, the Product Name item specifically identifies this file as being part of the operating system.

If you still require more detailed information, you can launch a more knowledgeable search on the Internet, newsgroups, or on the Microsoft Knowledge Base, using the information supplied on the Version tab of the properties dialog box.

Using the Services tool

As you study the list of items on the Processes tab, you’ll definitely see several Svchost.exe processes. Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). You’ll also see a process titled Services.exe, which hosts several essential Windows operating system services. As such, by using the Services tool, you can learn more about specific services that are running as Svchost.exe or Services.exe processes.

To do so, launch the Control Panel, open Administrative Tools, and double-click on Services. Once you see the Services tool, click on the Status column header to sort the services so that those that are started are at the top of the list. Then, double-click on one of those services and check the Path To Executable text box. If it lists Svchost.exe or Services.exe, then you’ve identified a specific service that is associated with a running process. For example, if you’re running Windows XP and double-click the Themes service, you’ll see that it runs under the Svchost.exe process, as shown in Figure C.

Figure C: Many services run under the Svchost.exe process.

You can then check the Description panel to learn more about the service and decide if you can safely stop or pause the service or even change its startup type. When you do so, you’ll reduce the memory usage of one of the Svchost.exe processes and free up some system resources.

In addition to those services that run under a process host, you’ll find some services that exactly correspond to running processes. For example, IPSEC Services corresponds to the Lsass.exe process. Therefore, it’s definitely worth your while traipsing through the Services tool when trying to identify processes.

Pinpointing process hosted services

If you want to identify exactly which Svchost.exe process a specific service is running under, open a Command Prompt and use one of the following commands.

In Windows XP:

    Tasklist /FI "IMAGENAME eq svchost.exe" /svc

In Windows 2000:

    Tlist -s

When you see the results, take note of the PID (Process Identifier) number of the Svchost.exe process that is hosting the service you’re interested in. Then, return to Task Manager, select the Processes tab, pull down the View menu, choose the Select Columns command, select the PID check box, and click OK. You can then match up the PID numbers and pinpoint exactly which Svchost.exe process is hosting the service.

Using the Process Explorer script

As I mentioned, I wrote the Process Explorer script in VBScript and Windows Script Host to automate the operation of gathering details about a process by investigating the properties associated with the processes’ executable files. I also wanted to experiment with WMIC (pronounced “WeeMek”), which is only available in Windows XP and the Windows Server 2003 family. WMIC is designed to bring the systems management power of WMI (Windows Management Instrumentation) from the Windows Script Host environment to the command line. However, the coolest thing about WMIC is that it uses Aliases to mask the complexity of WMI’s classes and its syntax.

Anyway, to make a long story short, I discovered that WMIC could very quickly and easily provide me with the kind of details on processes—executable name and path—that I needed for the script with a simple command line consisting of the command: process get Caption, ExecutablePath. Furthermore, I experimented with straight WMI and was eventually able to get similar information, but it wasn’t consistent.

That said, let’s take a look at how the script works. To begin, just download the script package ProcessExplorer.zip. Once you do, you must create a folder in the root directory called ProcessExplorer and then unzip the following six files into the new folder:

1.cnt
3.cnt
Process.ico
ProcessExplorer.vbs
Progress.gif
Progress.htm

(If you don’t place the files in a folder called ProcessExplorer off the root directory, the script will not work.) Of course, since the Process Explorer script relies on WMIC, it will only run on Windows XP—it won’t run on Windows 2000.

ProcessExplorer.vbs is the main file and the one that you’ll use to launch the utility. You can create a shortcut to this file on your desktop if you want. The Progress.htm and Progress.gif files are used to create a progress indicator. The 1.cnt, 3.cnt, and Process.ico files are support files that are used to create the user interface for the Process Explorer, which by the way is implemented as an HTA (HTML Application).

Initiating WMIC

If you've never used WMIC before, you should initiate it before you run the script for the first time. To do so, log on as a local administrator, open a command prompt, type WMIC and press [Enter]. You'll then see a message indicating that the WMIC environment is being initiated. When you see the WMIC command prompt, you can type the command process get Caption, ExecutablePath to see the raw data used by the Process Explorer, or you can type quit to exit the WMIC window and begin using the Process Explorer script.

Before launching the script, make sure that Windows associates VBS files with the Windows-based version of the Windows Script Host (WSH), Wscript.exe. Windows provides two versions of the WSH: a Windows-based version (Wscript.exe) that provides Windows-based properties for setting script properties, and a command prompt-based version (Cscript.exe) that provides command line switches for setting script properties. Check out Microsoft Knowledge Base article 232211 for more information about the WSH.

You must also make sure that the Hide Protected Operating System Files folder option is unchecked. If this advanced folder setting is checked, the script will fail to run correctly. To configure this setting, open Windows Explorer, click Tools | Folder Options, and select the View tab. Under Advanced settings, make sure the check box for Hide Protected Operating System Files is unchecked.

When you launch the script, it first displays the animated progress indicator while in the background the script goes to work. To begin, the script accesses WMIC and obtains a list of processes that it then saves to a text file. It then sorts alphabetically and parses the contents of the text file. The script then locates each file on the hard disk and gathers the identification information that you find on the Version tab in the properties dialog box. Once all the background work is done, the script shuts down the progress indicator and then displays its user interface, as shown in Figure D.

Figure D: The Process Explorer’s main user interface simply contains a drop-down list of all the currently running processes.

At this point, all you have to do is click the Choose A Process drop-down list and select a process. When you do, you’ll immediately see the Process Details dialog box, as shown in Figure E.

Figure E: The Process Details dialog box provides you with the description properties associated with the processes’ executable files.

Extra processes

If you compare the list of processes displayed by the Process Explorer with those displayed on Task Manager’s Processes tab, you’ll notice some extra processes in both lists. In Process Explorer, you’ll find four extra processes that are created by the actual running of the script itself:

Wmic.exe
Wmiprvse.exe
Wscript.exe
Cmd.exe

In Task Manager, you’ll find two extra processes that are also created by the actual running of the script:

Mshta.exe
Wscript.exe

Using WinTasks 4 Professional

If you really want an industrial strength task/process management utility, I suggest that you head on over to the LIUtilities Web site and check out WinTasks 4 Professional. This excellent utility garnered an Editor’s Choice award by the CNET Reviews team. Not only does WinTasks 4 Professional make it easy to identify processes, but it also helps you to remove unnecessary processes, eliminate problem processes, change process priority, create customized environments containing certain processes, and even has a small scripting language that you can use to manage processes. Best of all, you can purchase it online for under $50.
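The PID matching described under "Pinpointing process hosted services" can be scripted. The Python below is an added example, not part of the Process Explorer script or the original article: it parses the table that tasklist /svc prints, folds wrapped service lists back into their row, and reports which Svchost.exe PID hosts a given service. The sample output, its PIDs and its service lists are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by
#   tasklist /FI "IMAGENAME eq svchost.exe" /svc
# PIDs and service lists are made up; long lists wrap onto indented lines.
SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    884 DcomLaunch, TermService
svchost.exe                    952 RpcSs
svchost.exe                   1044 AudioSrv, CryptSvc, Dhcp, EventSystem,
                                   lanmanserver, Netman, Schedule, Themes,
                                   winmgmt
svchost.exe                   1180 Dnscache
"""


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])}, folding wrapped rows."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    # The ===== ruler under the header gives the exact column boundaries.
    ruler_at = next(i for i, ln in enumerate(lines) if set(ln) <= set("= "))
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler_at])]
    (img0, img1), (pid0, pid1) = spans[0], spans[1]
    hosts, current = {}, None
    for ln in lines[ruler_at + 1:]:
        services = [s.strip() for s in ln[pid1:].split(",") if s.strip()]
        pid_text = ln[pid0:pid1].strip()
        if pid_text.isdigit():            # first line of a process row
            current = int(pid_text)
            hosts[current] = (ln[img0:img1].strip(), services)
        elif current is not None:         # wrapped continuation of the list
            hosts[current][1].extend(services)
    return hosts


def pids_hosting(hosts, service):
    """PIDs whose service list contains `service` (case-insensitive)."""
    want = service.lower()
    return sorted(pid for pid, (_, svcs) in hosts.items()
                  if want in (s.lower() for s in svcs))


if __name__ == "__main__":
    hosts = parse_tasklist_svc(SAMPLE)
    for pid, (image, svcs) in sorted(hosts.items()):
        print(f"{pid:>6}  {image}  {', '.join(svcs)}")
    print("Themes runs in PID", pids_hosting(hosts, "Themes"))
```

The PID it returns is the one to look for in Task Manager's PID column.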
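The raw data the Process Explorer script starts from, the output of process get Caption, ExecutablePath, can also be examined on its own. This added Python example (not the article's VBScript) parses that fixed-width listing, sorts it by name as the script does, and reports image names that have no path or that appear at more than one location. The sample rows and paths are constructed, and the UTF-16 handling for a saved listing is an assumption noted in the code.

```python
from collections import defaultdict

# Constructed sample of the fixed-width table printed by
#   wmic process get Caption, ExecutablePath
# Rows and paths are made up for illustration.
SAMPLE = r"""
Caption              ExecutablePath
System Idle Process
System
smss.exe             C:\WINDOWS\System32\smss.exe
lsass.exe            C:\WINDOWS\system32\lsass.exe
svchost.exe          C:\WINDOWS\system32\svchost.exe
svchost.exe          C:\WINDOWS\System32\svchost.exe
svchost.exe          C:\Temp\svchost.exe
notepad.exe          C:\WINDOWS\system32\notepad.exe
"""


def parse_wmic(data):
    """Return (caption, path-or-None) rows sorted by name, then path."""
    if isinstance(data, bytes):
        # Assumption: a listing saved to a file is UTF-16 with a byte-order mark.
        data = data.decode("utf-16")
    lines = [ln.rstrip() for ln in data.splitlines() if ln.strip()]
    split_at = lines[0].index("ExecutablePath")   # column offset from header
    rows = [(ln[:split_at].strip(), ln[split_at:].strip() or None)
            for ln in lines[1:]]
    return sorted(rows, key=lambda r: (r[0].lower(), (r[1] or "").lower()))


def without_path(rows):
    """Names for which WMIC reported no executable path."""
    return [name for name, path in rows if path is None]


def names_with_several_paths(rows):
    """Image names seen at more than one location; Windows paths ignore case."""
    seen = defaultdict(set)
    for name, path in rows:
        if path:
            seen[name.lower()].add(path.lower())
    return {name: sorted(paths) for name, paths in seen.items() if len(paths) > 1}


if __name__ == "__main__":
    rows = parse_wmic(SAMPLE)
    print(*rows, sep="\n")
    print("no path:", without_path(rows))
    print("several paths:", names_with_several_paths(rows))
```

An image name reported at more than one path is the case where the Version tab details of each file are worth comparing.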
