FREE YOUR RESOURCES
Task Manager dissected
Ever wondered what goes on under the hood of Windows? If your PC is running smoothly, doing its job, then probably not. It’s when things start to go wrong—your PC slows to a crawl, or non-responsive application errors keep popping up—that you suddenly take a keen interest. There are plenty of tools out there that promise to speed up your computer, fix errors, and make things as good as new again (whatever that means), but there’s always an element of risk involved in trusting your PC to a program that doesn’t really explain what it’s doing, failing to point out that cleaning out the Registry doesn’t—on its own, at any rate —speed things up, and, more often than not, introduces problems you later can’t unpick to resolve without a refresh or, worse still, full-blown reinstall.
We may live in a post-truth world, but your PC doesn’t care about any of that. Knowledge is power, and understanding how Windows works arms you with the insights you need to make more informed choices about what to do the next time your PC decides to slow to a crawl. In this feature, we’re going to take a close look at the programs, processes, handles, and threads that make up the bulk of what your PC does. And if all that sounds like gobbledegook, don’t worry, because we’ll also explain how everything fits together to help you understand exactly what’s going on.
We kick things off by having a look at Windows 10’s powerful Task Manager tool to take a closer peek—you’ll even learn a clever trick that can sometimes help bring frozen applications back to life. And if you want to go deeper, we’ll take you on a tour of Process Explorer, which offers a forensic look at exactly what’s going on—both in the foreground and behind the scenes. You’ll discover how to free up system resources, track down troublesome processes, and generally keep your PC running a bit more smoothly.
We’ll also take a brief look at some other tools that can help you monitor your PC and track down fixes to your problems. But enough natter—it’s time to arm yourself with the tools and techniques you need to better understand your PC.
The main focus of our feature is the programs and processes that are running whenever you’re using Windows. These include apps, games, and other programs you launch yourself, as well as background processes, such as Windows Services, your security software’s auto-protect features, and Windows Explorer itself. Windows ships with its own built-in tool for monitoring and—to some degree—managing all of these in the form of Task Manager.
Task Manager has evolved into quite a powerful tool in recent versions of Windows—launch it by right-clicking the Taskbar. The default basic view merely shows running programs—right-click to close it or switch to that program (handy if it’s hidden from view). Note that the “Always on top” option merely ensures that the Task Manager window can’t be hidden by other windows.
To tap into Task Manager’s full range of features, click “More details,” which splits things into a multi-tabbed view. The main tab is “Processes,” an expanded view of all the processes and threads running on your PC. By default, these are split into three groups: apps are programs you launch from Windows Explorer; background processes are third-party programs running in the background, and Windows processes refer to core processes related to Windows.
You’ll see four additional columns of information, labeled “CPU,” “Memory,” “Disk,” and “Network.” These represent the process’s usage (as a percentage in CPU terms). You can quickly see which processes are hogging system resources by clicking any of the columns to sort the list accordingly. Once identified, you can decide whether or not to close the program or process in question—if you don’t recognize its name, right-click it, and choose “Properties > Details” for a more verbose description, or choose “Search online” to search Bing for both the process name and its underlying filename.
Tip: Cloud storage apps often hog all available network resources, which in turn can result in sluggish performance. Once verified as the culprit in Task Manager, open their settings, and look for a section where you can apply limits to their upload and download speeds—OneDrive users should go to “Settings > Network tab,” for example.
Recover Frozen Apps
If a program is not responding, the process should be highlighted—from here, you can attempt to close it by selecting the process and clicking the “End task” button. If that’s too drastic a step, you may be able to recover it by right-clicking and choosing “Go
to details.” This takes you to the “Details” tab, where processes are listed with more information—their status (running or suspended), the user who launched them (typically you, SYSTEM, or a SERVICE), and a PID (Process ID).
To try to free up a non-responding thread from here, right-click it again, and choose “Analyze wait chain.” This lists any threads that are using or waiting to use resources being used elsewhere. Ending the thread may be enough to free up the original process—we’ve done this a few times in Firefox when an individual tab has become non-responsive, for example.
There are some other handy options under the “Details” tab—you can alter thread priorities here, which in turn can stop particular processes from taking over your PC, and slowing everything else down. Simply right-click the offending process, and choose “Set Priority > Below Normal” to see whether it helps. You can also give threads more priority if you feel they need extra attention, but avoid giving any thread “Realtime” priority, because it brings Windows grinding to a halt.
Another option is “Set affinity.” This determines which processor cores a program or service can use—if you have a dual-core CPU or better, you might find older applications designed in the era of single-core processing run better if you limit their access to a specific core, rather than allowing them to use all available cores. In most cases, you’ll find Windows is perfectly capable of assigning resources efficiently, so it’s of largely academic interest only.
Trim Startup
One other Task Manager tab is worthy of attention: “Start-up.” This doesn’t just list which programs are set to start with Windows—it provides a “Start-up impact” tab that rates apps’ resource usage as “High,” “Medium,” or “Low.” Keep an eye on those rated “High”—if start-up times and overall performance suffer, preventing these from starting with Windows (rightclick the program and choose “Disable”) may help improve matters.
Task Manager’s other tabs enable you to monitor performance over time via a series of graphs (“Performance”), plus keep an eye on apps you’ve installed through the Microsoft Store by measuring their resource usage over time (“App history”). The “Users” tab is handy when two or more users are logged on at once, providing a list of user-generated running processes. Finally, “Services” provides a cut-down version of which low-level processes are running (or not). You can manually start, stop, and restart services from here, but for more granular control (such as setting a Service’s start-up setting), right-click the service, and choose “Open Services.”
Process Explorer
The Windows 10 Task Manager tool goes a long way to giving you a peek inside your system, as well as the tools for dealing with runaway and non-responding programs, processes, and threads. But you can delve even deeper into your system with the help of Process Explorer, a free tool developed by Microsoft’s Sysinternals team. Find out more and download it from https://technet.microsoft.com/en- us/sysinternals/processexplorer.aspx— it’s completely portable, and can be run directly from your web browser (go to https://live. sysinternals.com/procexp.exe to do so).
We’ll assume you’re downloading it: once done, right-click “ProcessExplorer.zip,” choose “Properties,” check “Unblock,” and click “OK.” Now extract its contents, then right-click either “procexp.exe” or “procexp64.exe” (depending on your Windows system type), and choose “Run as administrator.” Process Explorer doesn’t require elevated access, but if you want a complete look at your system, you should do so to allow it to peer wherever it needs to.
Process Explorer opens to a singlepane window. Expand the “Options” menu, and check “Hide When Minimized” and “Allow Only One Instance.” The former option ensures that when you close or hide Process Explorer, it minimizes to the Taskbar Notification area, where a realtime graph lets you keep an eye on CPU usage (roll your mouse over it, and a pop-up window reveals overall CPU usage, as well as that of the most demanding app running). Go to “Options > Tray Icons” to measure additional metrics via their own system tray icons, with seven choices on offer, including “GPU memory” and “Commit” (total predicted memory the system may need at any one time based on current usage).
Dig Deeper
But we digress. Return to the main Process Explorer window, which lists all running
processes. You’ll see some processes are nested inside others in a tree-like structure. This makes it clear from which process a particular process or program spawned (for example, if you open a program in the usual way, it appears nested underneath explorer.exe; however, if you open your web browser by clicking a link in another program—Word, say—it appears underneath the parent program instead).
Processes are also color-coded to help you identify what’s going on with each—to see what the colors represent, from recently launched threads (green) to threads ending (red), choose “Options > Configure Colors.”
Note this view is lost if you click any of the other column headings—such as “CPU”—to determine resource hogs. But if you double-click the process to open its Properties dialog, you can see the name of its parent process underneath the “Image” tab with other useful information (such as which user the process is running under).
As an aside, look carefully at the System process. You’ll see an entry marked “Interrupts.” This is an artificial process in that it actually tracks the system’s interaction with your hardware. If you spot high CPU consumption for this figure, then it indicates a potential problem with your hardware or—more likely—a driver bug. Don’t bother clicking it for further information, though—there’s nothing to see, literally.
Microscopic Examination
One of the many ways in which Process Explorer enables you to see what’s really
happening under the hood is through its support for showing detailed information about a process’s threads. Switch to the “Thread tab”—ignoring the warning about missing symbol files (not needed unless you’ve got the chops to go the extra mile, or you’re a developer)—and you’ll see a list of all threads associated with that process. You get to see the CPU usage for individual threads, as well as the files calling that thread, which helps pinpoint where a resource leak may be occurring. You can kill or suspend individual threads from this dialog box, but save any work before doing so—you could easily bring down the parent process from here, or even Windows itself if you don’t know what you’re doing.
A process’s “Properties” dialog contains a wealth of potentially helpful information. Use the “Performance” and “Performance Graph” tabs to measure its impact over time, for example. Switch to the “Service” tab to list which services it utilizes, or select “Environment” to view any environmental variables used by the program. The “Strings” tab is linked to the list of values provided by any DLL files used—these can help identify a process if you’re struggling to work out what it relates to.
Handles and DLL Files
Process Explorer also enables you to take a close look at a process’s handles and DLL files (the resource files that can be shared between multiple programs). Select your thread and press Ctrl-H—a new pane appears listing its handles. From here, double-click a handle to get more information about it (most specifically, a description of the handle type, such as “Section” or “Window Station.”) It’s possible to close individual handles by right-clicking and choosing the “Close” option—but, as with threads, if you don’t know what you’re doing, it’s likely you’ll bring the whole process crashing down.
Press Ctrl-D, and this lower pane switches to DLL view, listing all the DLL files that the process in question is accessing. Double-click a DLL file to access its properties—switch to the “Strings” tab and you’re shown a list of string values it contains. Press Ctrl-H to switch back to Handles view, or Ctrl-L to toggle the lower pane on and off.
What does this information tell you? It gives you detailed insights into what makes up a process—how it’s composed of multiple threads, and what resources it utilizes in the form of handles and DLL files. Not only does it enable you to see exactly what’s happening with individual processes, but it also helps you to learn exactly how programs and processes run.
Get More Help
Process Explorer is a powerful tool, and it can take a while to get your head around it. The Help file is a good place to start— press F1 to access it—but you’ll find some handy online resources, too. There’s a PDF handout from Kansas State University ( http://bit.ly/procexplhandout) that provides a good introduction—it was written back in 2009, but is still relevant. And don’t forget the official Process Explorer forum ( http:// forum.sysinternals.com), which contains an FAQ, among other handy resources.
It’s also worth taking a look at some of Sysinternals’ other tools as well—Autoruns ( http://bit.ly/autoruns) gives you a similarly detailed view of the start-up process, split across major tabs. It’s easier to grasp than Process Explorer, and provides you with all the tools you need to streamline your startup. If you want to monitor file system, Registry, process, thread, and DLL activity in real time, then Process Monitor ( http:// bit.ly/processmonitor) is the tool to go for— this is particularly handy if a program is crashing, because it provides you with more detail as to where in the process things might be going wrong. Finally, RAMMap ( http://bit.ly/ram-map) lets you take a peek into how your system RAM is managed.