Recipe 10.3. Viewing the Resources a Process Is Using


Problem

You want to view the memory, I/O, and CPU statistics of a process along with any handles, DLLs, and network connections it has open. If you find that you are running low on memory on a particular system, this can often be attributed to a single process that has consumed a large amount of memory. If you can terminate that particular process, the system should go back to a stable state.

Finding the DLLs a process is using can be handy if you need to update a DLL and want to find out which programs are actively using it, or if you are trying to delete a DLL, but cannot do so due to a lock on the file by a process that is using it.

You may also want to see other handles, such as Registry keys or files, that a process has open and potentially locked, which may prevent you from modifying or deleting them.

Solution

Using a graphical user interface

To view the performance statistics of a process, do the following:

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. Double-click the process you want to view.

  3. View the Performance tab, which contains the process properties.

This information can also be viewed using Windows Task Manager (taskmgr.exe). After starting taskmgr.exe, click on the Processes tab. Select View → Select Columns from the menu and check the boxes beside the properties you want to see.


To view the DLLs being used by a process, do the following:

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. From the menu, select View → Lower Pane View → DLLs.

To view the processes using a specific DLL, do the following:

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. From the menu, select Find → Find DLLs.

To view the handles a process has open, do the following:

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. From the menu, select View → View Handles.

To view the network connections and ports that processes have open, do the following:

  1. Open the Sysinternals TCPView tool (tcpview.exe).

  2. View the complete list of processes and associated ports, which are displayed by default. New connections show up in green and terminating connections show up in red.

Using a command-line interface

The Sysinternals pslist command displays all of the performance metrics for a process:

> pslist -x <ProcessName>

In place of <ProcessName>, put the name of the process without its extension. For example:

> pslist -x iexplore

To view the DLLs being used by a process, use the listdlls command available from Sysinternals:

> listdlls <ProcessName>

To view the processes using a specific DLL, use the following command:

> listdlls -d <DLLName>

To view all of the handles a process has open, use the following command:

> handle -a -p <ProcessName>

You can also search for a specific handle using the following command:

> handle <HandleName>

For example, if you want to find all processes that have the c:\test directory open, you would replace <HandleName> with c:\test.

The following command displays the open ports and the process ID of the process associated with each port. The -o option is new to netstat.exe in Windows XP:

> netstat -o

The Sysinternals netstatp.exe command is similar to netstat.exe, except it displays the process name associated with each port (not just the PID):

> netstatp

For yet another extremely useful port querying tool, check out portqry.exe (see MS KB 310099 for more information). With portqry you can get even more information than with netstatp. Run this command to output all of the ports and their associated processes:

> portqry -local

This command also breaks port usage down by service (e.g., DnsCache). You can watch the port usage for a particular PID and log it to a file. The following command does this for PID 1234:

> portqry -wpid 1234 -wt 5 -l portoutput.txt -v

The -wt option defines the watch time, which is how long portqry waits before examining the process again (the default is 60 seconds). The -v option is for verbose output.
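The PID-to-name mapping that netstatp adds can also be rebuilt from saved command output, which is useful when reviewing text collected from a host. The following is an added example, not code from the book: it parses `netstat -ano` output (the recipe's -o plus -a for listeners and -n for numeric addresses) and joins it with `tasklist /fo csv /nh` output; both samples are constructed and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     3280
  TCP    192.168.1.10:1046      203.0.113.7:443        TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System Idle Process","0","Console","0","16 K"
"svchost.exe","912","Console","0","3,456 K"
"iexplore.exe","3280","Console","0","18,432 K"
'''

def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv /nh` output."""
    reader = csv.reader(io.StringIO(text))
    return {int(row[1]): row[0] for row in reader if len(row) >= 2}

def parse_netstat(text):
    """Yield one dict per TCP/UDP row of `netstat -ano` output."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # skip the banner, the column header and blank lines
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        state = f[3] if len(f) == 5 else ""
        yield {"proto": f[0], "local": f[1], "remote": f[2],
               "state": state, "pid": int(f[-1])}

def ports_by_process(netstat_text, tasklist_text):
    """Attach the owning image name to every connection row."""
    names = parse_tasklist(tasklist_text)
    rows = []
    for conn in parse_netstat(netstat_text):
        # A PID absent from the process list (exited or not enumerated) is flagged.
        conn["name"] = names.get(conn["pid"], "<unknown>")
        rows.append(conn)
    return rows

if __name__ == "__main__":
    for r in ports_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f'{r["proto"]:4} {r["local"]:22} {r["remote"]:20} '
              f'{r["state"]:12} {r["pid"]:>5} {r["name"]}')
```

Rows whose name comes back as `<unknown>` own a socket but do not appear in the process listing, so they are the ones to check with Process Explorer or TCPView.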

Using VBScript

There are no APIs available to VBScript to query which DLLs, which handles, and which network connections a process is using, but you can use WMI to retrieve memory and CPU usage as shown here:

' This code displays the performance stats of a process.
' ------ SCRIPT CONFIGURATION ------
intPID = 3280  ' PID of target process
strComputer = "."
' ------ END CONFIGURATION ---------
WScript.Echo "Process PID: " & intPID
set objWMIProcess = GetObject("winmgmts:\\" & strComputer & _
                      "\root\cimv2:Win32_Process.Handle='" & intPID & "'")
arrProps = Array("Name", "KernelModeTime", "UserModeTime", _
                 "MaximumWorkingSetSize", "MinimumWorkingSetSize", _
                 "PageFaults", "PageFileUsage", "VirtualSize", _
                 "WorkingSetSize", "PeakPageFileUsage", "PeakVirtualSize", _
                 "PeakWorkingSetSize", "PrivatePageCount", _
                 "QuotaNonPagedPoolUsage", "QuotaPagedPoolUsage", _
                 "QuotaPeakNonPagedPoolUsage", "QuotaPeakPagedPoolUsage", _
                 "ThreadCount")
for each strProp in arrProps
    WScript.Echo strProp & ": " & objWMIProcess.Properties_(strProp)
next

Discussion

If you need to get serious about analyzing performance statistics for one or more processes, you should consider using Performance Monitor (perfmon.exe). With the Process performance object (click the little + icon in the System Monitor and select Process under Performance object), you can graph a variety of metrics for individual processes or for all of them together using the _Total instance. Even if you don't want to use Performance Monitor to monitor processes, it can still be useful if you have a question about what a particular metric, such as Working Set, really means. Click the Explain button when you view the Process performance object, which will cause another dialog to appear that contains additional information about what each counter means. These counters are mostly the same ones you'll find in Task Manager, pslist, and the Win32_Process class.

See Also

MS KB 137984, "TCP Connection States and Netstat Output," and MS KB 310099, "Description of the Portqry.exe Command-Line Utility"



Windows XP Cookbook
ISBN: 0596007256
Year: 2006
Pages: 408
