Best Practices Enterprise Tech Featured Microsoft Tools

Top Ten Tips and Troubleshooting with Process Explorer Tool

Process Explorer tool from SysInternals, will give you a complete overview on what processes are currently running in your PC along with the details on who invoked it and how much system resources it is consuming. This tool will be very essential, if you want to identify which file or directory has a particular program opened. In this article, you will learn 10 best practices and tips which will help to use this tool better.

A process is a container for a set of resources, including one or more threads. A process never consumes a CPU. Its the thread inside the process which consumes the system resources like CPU, Memory etc. Each process at-least has one Thread.  Using this tool, you can also determine which thread of a process is consuming CPU.

Some of the benefits, this Tool gives you are..

  • Displays the Parent/Child Relationships of the Processes
  • Highlighting of different process based on their source and states.
  • Customize Columns to suit specific needs to analyze CPU performance, Threads, etc
  • Tons of Options to play around with..!

Tip 1:Process Explorer Parameters – Create a Startup Shortcut / Desktop Shortcut to this executable (procexp.exe) and add a parameter /t /e to it.

Process Explorer - Parameters

/t makes this executable run minimized and /e will make it run elevated. As most of the times, you want the system processes also.. it makes sense to run the tool elevated.

Process Explorer - System TrayWhen you invoke this shortcut, the Process Explorer will run in the System Tray as shown below. You can just double click to invoke them.

Tip 2: Configuring the Options – Goto Options Menu Item and Select Hide When Minimized and Allow only one instance. This will help you to just minimize the program, even when you click on the X close button. Sometimes, you tend to invoke the shortcut more than once, thinking that the Process Explorer is not running, selecting the Allow only one instance will help you not have multiple entries of Procexp inside the process explorer window.

Process Explorer - Hide When MinimizedTip 3: Configure Symbols – When you invoke any process and go-to the Threads Tab, you will observe a hexadecimal weird address in the Start Address Tab. These will not be helpful for you while troubleshooting. You will need to convert it to a meaninful message and thats where configuring the symbols will be useful.

Process Explorer - Hexa Thread DefinitionsGoto Options Tab, and click on Configure Symbols item.

Process Explorer - Configure Symbols

You will need to install the Windows Debugging Toolkit, so that you can configure the path of the dbghelp.dll file. Also, configure the Symbols path as both local and internet. For more information read here –

Process Explorer - Configure Symbol PathsOnce you do this, the hexa-decimal code will be converted to more meaningful message for effective understanding and troubleshooting. You can see in the Start Address column now.

Process Explorer - Meaningful Thread Definitions

Tip 4: Highlighting Colors – Goto Options Menu Item and Select, Configure highlighting. Using this option, you can customize the colors which you would like to assign for certain roles of processes. By default Pink color is associated for processes with one or more – win32 services, Yellow color for processes which uses .NET Framework, Light blue color for processes which are running with the same user account as the process explorer.

Configure Highlighting of ProcessesTip 5: Configure Difference highlighting Duration: Set the Duration to 5 or more seconds. This is an important tip, which will help you distinguish in the difference of the events. The color associations and the process will exist and run for 5 seconds. For example, every process which starts new is associated a green color and every process that stops gets a red. the processes will exist in the Process Explorer for at-least 5 seconds with the same color code, so that you can see them and diagnose the same.

Configuring highlighting DurationTip 6: Verifying Processes – When you double-click on any process it opens the properties dialog; this will give you the complete information of that particular process. Its Parent process, Who invoked it, At what time, What OS version is it (32/64 bit) etc. Just observe that, this executable is not verified no matter it comes from Microsoft Corporation. Verifying the processes will help you to determine whether this process is signed to run on this particular edition of the OS. For example, if your machine performance is sluggish, you might run the verify process and see if any of the executables like antivirus are not suited for your PC.

Analyzing a Process Image

Goto Options Tab and select on Verify Image Signatures. This will start the verification process. Now you click on any column and add a new column for Verified Signer. You will start seeing all the process along with the verified status.

Verified Processes

Tip 7: Process Identification – Sometimes, there could be many processes running on your PC (for example, many instances of a same application), In this case it would be difficult to identify the associated process entry in Process Explorer. Thats where exactly, this magnifier comes to your help. Hold the magnifier button, and that will show you all the other windows executing on your PC. Just drop the magnifier on a window which you wanted to identify and that appropriate process would get high-lighted in the Process Explorer.

Magnifier Process Identifier

Tip 8: DLL/Header View – Selecting a Process, and pressing Cntl+D will show the DLL view in the hidden tab. Cntl + H will show the headers which are currently accessed by the process. This will be helpful to understand the components used by a process. You can also choose to search a dll or a Header using the Search option. For eg: If you ever encountered a failed delete action by your process, searching for ‘delete’ will give you more information on what gets called and which file did your process try to delete. You can hover over any process in Process explorer, this will get you all the win32 services running in it.

Cntl+D for DLL View –

Process Explorer - DLL View

Cntl+H for Header View –

Process Explorer - Headers View

Tip 9: Performance Graphs – Double-clicking the graph in the icon bar, will open the performance graph. The red color showcases the kernel mode and the green signifies the transition of Kernel and User mode. If you are running a multi-core PC, choose to ‘show One Graph per CPU’. This will help you manage tasks and also enables you to take a decision to set affinity for a process to a single CPU. (You can right click on a process, Set Affinity to just any of the CPU)

Set Processor Affinity

System Information - Performance Graph

Tip 10: Configure Columns – In the explorer window, Right click on a column header and add new columns. To identify an executable or a process performance, you need to add Threads, CPU Usage, Context Switch Delta and CPU Cycles Delta. This will help you identify which process has more threads and is consuming high CPU usage. Based upon your analysis, you can choose to terminate it for system performance.

Process Performance

Are you aware of any other worthwhile tip on this tool? If yes, drop in as a comment here and I shall feature it in this article appropriately!

Also read about the other SysInternals Tools here  –

Community Activities General Microsoft

K-MUG Office 2010 Community Launch

Microsoft Office 2010 is a productivity suite from Microsoft. This is the latest edition in the suite of office products. Right from the office 97 till the 2010 version, the product has evolved a long way from just a software towards being a platform.

Office 2010 includes extended file format support, user interface updates, and a refined user experience. Office 2010 marks the debut of free online versions of Word, Excel, PowerPoint, and OneNote, which work in popular web browsers.

Last weekend, there was an Office 2010 Community launch at K-MUG during the DevCon. We did have a combination of students, developers and technology enthusiasts as our audience. We didn’t want it to be, just another conventional presentation. I am Rama were discussing on how to build a story line around the Office 2010 demos. That’s when; the Football World Cup came to our mind. We planned a scenario of a restaurant owner who wants to host a World Cup party at his place. Keeping this in mind, I showcased some key features of the Office Suite of products during this demo which can be used –

  • How one can do a brainstorming talk with his team using OneNote 2010, syncing it with mobile and different users.
  • Take a screenshot right inside the word or power Point, instead of using a print screen and then editing it in paint.
  • Image editing capabilities to remove the background of an image
  • Artistic features to design an image – Without using a third party software.
  • Pinning a document to the recent list, or jump list for easy access
  • How to add Visual text effects in Word to highlight a section of text or letters.
  • The recovering capabilities of an office document, when closed prematurely
  • How to create data trends chart for each row / column using Sparkline in Excel 2010.
  • Improved Animation and Narration features in PowerPoint 2010.
  • How to add a Video to a PowerPoint presentation, edit and format them in ease.
  • Using sections within a presentation.
  • Save presentation as a video
  • Broadcasting a PowerPoint presentation to external users through internet.
  • Power of Office Web apps. How an user can just goto Office Live and start using the office apps absolutely free. Also, when you hit the F11 key, the web app and the desktop app almost looks and behaves the same.

You would also be interested in reading these –