{"id":397,"date":"2014-02-24T08:00:03","date_gmt":"2014-02-24T16:00:03","guid":{"rendered":"http:\/\/www.coretechnologies.com\/blog\/?p=397"},"modified":"2019-11-11T21:53:08","modified_gmt":"2019-11-12T05:53:08","slug":"essential-tools-for-windows-services-process-explorer","status":"publish","type":"post","link":"https:\/\/www.coretechnologies.com\/blog\/windows-services\/essential-tools-for-windows-services-process-explorer\/","title":{"rendered":"Essential Tools for Windows Services: Process Explorer"},"content":{"rendered":"

\nIf you want to understand what’s really<\/i> going on with the programs on your computer, then look no further than Microsoft’s excellent (and free) Process Explorer<\/a>. Think of it as the “Task Manager on steroids”, with the ability to show all processes, threads, handles, and of course, Windows Services running on your PC.\n<\/p>\n

\nWhen launched, Process Explorer shows a colorful tree of all the active processes. The interface automatically refreshes itself every few seconds to highlight processes as they come and go. All Windows Services run under the wninit.exe > services.exe<\/b> branch:\n<\/p>\n


\n\"Process
\n<\/a><\/p>\n

\nDouble-clicking an entry allows you to dig into a specific process. For example, here is what is shown for spoolsv.exe, the Windows Print Spooler:\n<\/p>\n


\n\"Process
\n<\/a><\/p>\n

\nYou can start, stop, restart or even change the permissions of the Spooler service from the Services tab:\n<\/p>\n


\n\"Process
\n<\/a><\/p>\n

\nBack on Process Explorer’s main screen, summon the Lower Pane (View > Show Lower Pane<\/b>) for some serious detective work. You can review all DLLs loaded, or even better, see all the files, registry keys and other objects locked by a process by viewing Handles for the lower pane (View > Lower Pane View > Handles<\/b>). Here we see that iTunes (being run as a service with AlwaysUp<\/a>) is using the “counters.dat” file:\n<\/p>\n


\n\"Process
\n<\/a><\/p>\n

\nAnd perhaps most useful of all, Process Explorer can help you track down which application is preventing you from deleting a file or folder! Choose Find > Find Handle or DLL…<\/b> and search for the file by name. Here we can see that the counters.dat file used by iTunes is also being held by Explorer and QuickBooks:\n<\/p>\n


\n\"Process
\n<\/a><\/p>\n

Process Explorer has many other interesting features. Easily terminate any process (and all its sup-processes if necessary), boost the priority of any process to make it run faster, and much more. Enjoy!<\/p>\n