Windows – Dealing with background Processes
Tips and Tricks to deal with Windows Process Internals
You might be working on an installation or setting up a full stack that combines and configures many tools, which can result in a lot of new processes and daemons that need many resources on your machine.
The most common issues we come across are port conflicts between processes, or we might want to gather more statistics and diagnostic information about the processes running in the background.
Here are some common commands that you might find handy for finding out what's going on behind the scenes .. 🙂
Firstly, would you like to see all the processes that are running and doing their work calmly?
a) Open Command Prompt in Administrator mode: Start >> Search Box >> type “cmd” >> right-click the “cmd.exe” item that appears in the search results >> select “Run as administrator” from the context menu.
b) Since it is always difficult to remember the various switches each command provides, let's get help on the netstat command by simply typing:
netstat /? in the command prompt that was just launched.
From the output of the above command, I need:
-a switch to display all connections and listening ports.
-b switch to display the executable involved in creating each connection or listening port.
-n switch to display addresses and port numbers in numerical form.
and finally, -o switch to display the owning process ID associated with each connection.
Now run the command as:
As this command lists a lot of processes in one go, it is very hard to find the port you are interested in.
c) Let's enhance the same command so that I can filter for the lines that listen on a particular port (say 8080, which is the most common port to have a conflict).
We can do this by sending the output to another useful command, either findstr or find (either is fine :-)).
I have combined the netstat command with find/findstr to search for a string that contains “8080”, which gives me the result shown in the screen below.
d) If I want to find more details of that particular process ID, in this case PID: 4496, I can simply use the tasklist command with a filter to look for the line whose PID column = 4496, which gives me the result shown below.
e) I can kill that process, if I want, using the taskkill command. All the steps (c, d, e) are shown in the screen below:
You can look for the port being listened on under the “Local Address” column and find the name of the process directly under it, as shown in the screen alongside.
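Steps c to e depend on picking the right line out of the netstat output, and a plain substring search for “8080” also matches port 18080, a remote port 8080 and a PID of 8080. The following is an added example, not part of the original post: it parses `netstat -ano` output and returns only the PIDs listening on exactly the requested local port. The sample output is constructed (only PID 4496 on port 8080 mirrors the article), and the function names are hypothetical.

```python
"""Exact-port lookup over `netstat -ano` output (added example)."""

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up,
# except PID 4496 on port 8080, which mirrors the article's example.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4496
  TCP    0.0.0.0:18080          0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.10:50123     203.0.113.7:8080       ESTABLISHED     8080
  TCP    [::]:8080              [::]:0                 LISTENING       4496
  UDP    0.0.0.0:5353           *:*                                    1732
"""

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, state, pid) per connection row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and -b executable-name lines
        proto, local = fields[0], fields[1]
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if proto == "TCP" else ""
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:8080
        yield proto, addr, int(port), state, int(fields[-1])

def listeners_on(text, port):
    """Return the sorted PIDs that are LISTENING on exactly this local port."""
    return sorted({pid for _, _, lport, state, pid in parse_netstat(text)
                   if lport == port and state == "LISTENING"})

def naive_matches(text, needle):
    """What a substring filter does: keep every line containing the needle."""
    return [line for line in text.splitlines() if needle in line]

if __name__ == "__main__":
    print("substring match:", len(naive_matches(SAMPLE, "8080")), "lines")
    for pid in listeners_on(SAMPLE, 8080):
        # Next step from the article: check the image name before any taskkill.
        print(f'tasklist /FI "PID eq {pid}"')
```

On a real machine, save the output of `netstat -ano` to a file and pass its contents to `listeners_on` in place of `SAMPLE`.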
Steps to find the process in Task Manager:
Check the process identifier (PID) shown next to the port you are interested in. Open Windows Task Manager and go to the Processes tab.
Look for the PID we noted earlier. Make sure “Show processes from all users” is selected if you do not find the process you are interested in.
Using wmic:
There is another wonderful tool available, called wmic, that displays all the processes and the threads running under each, as shown below:
Using tools from Sysinternals:
Windows Sysinternals has a very rich set of tools under the “Process Utilities” section.
Some of the popular tools among these are: Process Explorer, Port Monitor, Process Dump, PsList and ListDLLs.
You can also find other tool categories, such as disk utilities, networking and security.
Resource Monitor:
There are a lot of tools and approaches for working with these processes, but my favorite one is Resource Monitor:
This utility lets us look up a process's associated handles, files, registry values and DLL modules easily using a search bar.