IT admin's guide to the Sysinternals suite
Although a number of built-in Windows troubleshooting tools exist for diagnosing performance problems, they might not always be sufficient. Tools such as Performance Monitor, Task Manager and Resource Monitor can trace a performance problem to a specific process, but they lack the granularity to see inside the troublesome process. Thankfully, a free Windows Sysinternals tool called Process Monitor is able to do what native operating system diagnostics cannot.
You can see what the Sysinternals Process Monitor looks like in Figure 1. The bulk of the space within the screen capture is made up of log entries. Process Monitor is designed to log process-related information, and it can actually build logs that are multiple gigabytes in size.
Figure 1: This is the Process Monitor interface.
As you can see, the Windows Process Monitor is designed to give insight into what a process is doing. For example, you can see the time, the process name and process ID, the operation's path and result, and some details such as the offset, length and priority of the operation.
Needless to say, having this information at your disposal can go a long way toward helping you to diagnose performance problems. It is worth noting, however, that the Sysinternals Process Monitor interface is fully customizable. You can add information to the display, as well as remove any unwanted data.
To do so, choose Select Columns from the Options menu. You'll see a series of checkboxes that allow you to choose the columns that you want to view. Figure 2 shows the available options.
Figure 2: You can add and remove columns from the Process Monitor display.
Process Monitor, which is designed for Windows XP and newer OS versions, can log vast amounts of data. The real key to Windows troubleshooting is to be able to cut through the clutter and find the information that is really important.
The first trick is to log only as much data as you absolutely have to. As soon as you open Process Monitor, it begins collecting data. It's a good idea to halt the data collection process once you know that the performance problem that you are trying to troubleshoot has occurred.
The option for starting or stopping the data collection process is found on the File menu. Incidentally, this menu also contains an option to save the data you have collected in case you need to look at it again later.
Even if you manage to stop the data collection process rather quickly, Process Monitor can still log quite a bit of data. Thankfully, there are several tools that help you make sense of the collected data. You'll find these tools on the Tools menu.
One particularly helpful tool is the Process Tree, shown in Figure 3. It displays all of the processes that were running at the time that the data was collected, and it shows how the processes are related to one another.
Figure 3: The Process Tree displays the relationship between the various processes.
The Tools menu also offers a number of different summary views. For instance, there is a process activity summary, a file summary and a network summary. These views can help you quickly get a feel for what is going on with a system.
As you zero in on the performance problem, you will likely need a filter. The filter is designed to help you locate relevant events while hiding irrelevant events. There is even a highlighting feature that calls attention to certain events.
One of the filter's best features is actually found on the Tools menu. The Count Occurrences option allows you to count the number of times that a particular value has occurred. You can select a column, click on a value for that column and click the Count button to see the number of times that the value has occurred. Double-clicking on the item will filter the output to show only those occurrences.
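The same workflow, from the bounded capture and saved log described earlier to the Count Occurrences step above, can be scripted from an elevated PowerShell session. This is an added example, not code from the article or from Sysinternals; it assumes Procmon.exe is on the PATH (or named in a hypothetical $env:ProcmonPath variable), and the file names under $env:TEMP are constructed for the illustration.

```powershell
# Added example: capture a bounded Process Monitor trace from the command line,
# save it, export it to CSV and reproduce the "Count Occurrences" view outside the GUI.
# Assumptions: elevated session; Procmon.exe on the PATH or in $env:ProcmonPath
# (hypothetical variable); the switches used are Procmon's own command-line options.

$procmon = if ($env:ProcmonPath) { $env:ProcmonPath } else { 'Procmon.exe' }
$pml     = Join-Path $env:TEMP 'capture.pml'   # constructed name for the binary log
$csv     = Join-Path $env:TEMP 'capture.csv'   # constructed name for the CSV export

# 1. Start collecting silently and minimized, writing to a backing file on disk
#    instead of the in-memory buffer so a long capture cannot exhaust RAM.
Start-Process $procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized', "/BackingFile `"$pml`""

# 2. Reproduce the problem, then stop collecting as soon as it has occurred
#    (the article's "log only as much data as you absolutely have to" advice).
Start-Sleep -Seconds 30                        # replace with the real reproduction steps
Start-Process $procmon -ArgumentList '/Terminate' -Wait

# 3. Convert the saved PML log to CSV so it can be queried without the GUI.
Start-Process $procmon -ArgumentList '/AcceptEula', '/Quiet', "/OpenLog `"$pml`"", "/SaveAs `"$csv`"" -Wait

# 4. Count Occurrences equivalent: which process/operation/result combinations
#    dominate the trace? Column headers are the names Procmon writes to its CSV.
$events = Import-Csv $csv
$events |
    Group-Object 'Process Name', 'Operation', 'Result' |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name |
    Format-Table -AutoSize

# 5. Equivalent of double-clicking a Count Occurrences row: keep only the events
#    with one interesting value, here failed path lookups, and rank their paths.
$events |
    Where-Object { $_.Result -eq 'NAME NOT FOUND' } |
    Group-Object 'Path' |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name |
    Format-Table -AutoSize
```

Step 5 is where a performance problem usually shows itself: a single process repeatedly probing a path that does not exist, or thousands of identical registry reads, stands out immediately once the counts are sorted.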
As you can see, the Windows Sysinternals Process Monitor is a great tool for Windows troubleshooting. The key to using it effectively is to know how to use the filter and the other built-in tools to cut through the clutter and find the data that can help you diagnose a desktop performance problem.