What NOT to do with Process Explorer (another lesson learned...the hard way)

For those of you who've never heard of them, there's a couple of guys by the name of Mark Russinovich and Bryce Cogswell who run a site called Sysinternals. Sysinternals provides some of the most useful utilities available for Windows (NT, 2000, XP, etc. - don't tell anyone, but they've also got some for Linux, too). Developers and admins alike should definitely keep this site in their favorites list.

But I'm not blogging just to suck up to Sysinternals. After all, their utilities are free (though they do have another site, Winternals, that provides more full-featured utilities that are commercial software), so sucking up really won't get me anything anyway. No, I'm blogging to share my experience with one of their cool tools, called Process Explorer. Process Explorer allows you to look at all of the processes running on your machine, and drill down into the resources being used by those processes, find out quickly which program is responsible for a given process or processes, and (among other things) kill or change the priority of a process.

It's that last bit that tripped me up earlier this evening. While continuing the prep work for my pre-conference session at PDC, I noticed that for some unknown reason, Powerpoint was sucking up all the CPU cycles on my laptop. Other programs kept working, so I just killed off PP using the Task Manager, in hopes that when I restarted it, it would behave itself. No such luck. Each time I restarted Powerpoint, it hung. So I decided to fire up Process Explorer and take a look at what was going on to see if there was an obvious cause. So far, so good.

Once I've got Process Explorer open, I use it to kill off Powerpoint again, to see if any other processes go with it (in case some child process was causing the problem), and then fire it up again, only to have it hang once again. Then (and here's the good part) without really thinking about it, I decided to try changing the priority of the Powerpoint process, to see if perhaps there's something it's working on that I can get to finish more quickly. In fact, I'm so not thinking about it that I change the process priority to the highest level, Realtime. D'OH!!!

To make a long story short...DON'T DO THAT! By taking a process that was hanging and assigning it Realtime priority, I instantly hung my entire system. Fortunately, I was able to recover by simply powering down the laptop and restarting, and also fortunately, I didn't lose any data because Powerpoint had auto-saved my most recent notes, but it could easily have been much worse.

Bottom line is that there are some very powerful tools available from the folks at Sysinternals...but like woodshop power tools (I do carpentry as a hobby), if used improperly you can run into big problems really fast. Even if you know what you're doing, it's sometimes easy to space out for a minute and do something...well, stupid (let's be honest here). If you're using a power tool in a woodshop, you can lose a finger. If you're using a tool like Process Explorer, you can lose data, time, and perhaps worse. Don't learn that lesson the hard way.

6 Comments

  • Don't blame ProcExp, since you can change a process' priority via Task Manager as well ;-)

  • "you can change a process' priority via Task Manager as well"



    True enough, but I wasn't "blaming" Process Explorer (a good carpenter *never* blames his tools), just noting that using a tool the wrong way, whether it's Process Explorer or Task Manager, can have very bad outcomes. Process Explorer just happened to be the tool I was using to make that particular boo-boo. :-)



    Also gave me a chance to give a little plug to Sysinternals, since I think their stuff is really useful.

  • "Also gave me a chance to give a little plug to Sysinternals, since I think their stuff is really useful."

    Me too. Their PsTools are one of the first tools I install on any of my machines.

  • You can do this with Windows Task Manager on 2003, and XP too I think - Right click the process in process view and goto Set Priority.



    As you noticed, be careful with this ... generally setting anything above what it's set at is grounds for trouble.



    On a multi proc machine, you can set processor affinity in the same manner - right click the process, and set affinity. This is not dangerous - you can toggle what CPU(s)/Logical CPU(s) a particular application uses. Good for partitioning an app server.

  • I use their tools to detect any infection my system may have.

    Do you think maybe lowering the powerpoint's priority would have solved your problem ??

  • Process Explorer is great. Main problem is that it can't start at "real time". So, if a program hung you can't run PE, but you can run Task Manager using Ctrl Alt Del. Now, PE is great to search for viruses. They hide from Task Manager, but PE sees them.
    BTW, you should have tried "kill process tree" in PE.
    I undestand that the problem doesn't worth the time spend reading, but you used it as an reason to write about PE.

Comments have been disabled for this content.