Since Microsoft bought the sysinternals company lets hope Microsoft keeps the sysinternals utilities free. This bunch of free utilities are definately part of your survival kit as a Windows user. This little kit of utilities lets you answer the questions like what the hell is svchost.exe running, why are there so many of such processes running. Or what process is opening this file, or even what files does this process open and use.... read on...

I have always wondered what the heck is running under the hood on my PC, why couldn't they just put sysinternals utilities as part of the Windows OS sigh.... Anyway at least we can thank Microsoft for buying Sysinternals and keeping it FREE. The two little utilities from Sysinternals that is going to help us do the snooping around the OS are Process Explorer and Process Monitor.

Lets see what these tools can do. By painting a real scenario.

In this case I have hooked up my usb flash drive and its assigned the drive letter d:

Ok now lets say I've done my stuff and I wanna eject my usb flash drive.

What the... Its the dreaded.. your thumbdrive nya nya nya yadda popup that tells you the usb flash is still in use.

Ok now you probably wanna know what process is using the usb flash drive.  Lets Fireup Process Monitor to take a look. Process Monitor by default lists a whole bunch of events. Telling you what your computer is doing in realtime. Since my USB Flash drive is drive D: let me set a filter based on the drive letter. See the pics below:

1. Click on the filter icon: 

2. Select Path > Contains > D:

3. You will see that there is a new filter with a green tick icon

4. The filter will be activated in Process Monitor and will list all processes matching the filter.

After running for a little while we can see that WUDFHOST.EXE is the process opening the files in the USB thumbdrive.

Another great tool is Process Explorer. It is kinda like the default Vista task manager on steroids.

Here it lists the WUDFHOST.EXE process. And in real time it shows the files the process is accessing and even highlights it in red and green. 

With Process Explorer you can nuke this offending process by killing it. And viola you will be able to eject your usb drive.

After more investigation I discovered that WUDFHOST.EXE was triggered by Windows Media Player 11.

Sysinternals Process Monitor and Process Explorer are definately essential tools on any Vista Computer, there so much information that you can get from these tools that will give you insight into what your computer is doing in realtime. I definately highly recommend these free tools
and give five cool smilies no question about it.

GET Process Explorer HERE and Process Monitor HERE.

Be first to comment this article

Write Comment

Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site. Such material will be removed. Just ensure to *Refresh* your browser for a new security code to be displayed prior to clicking on the 'Send' button. Keep in mind that the above process only applies if you simply entered the wrong security code.
Name:
E-mail
Homepage
Title:
BBCode:
Comment:
Code:*
	I wish to be contacted by email regarding additional comments

Powered by AkoComment Tweaked Special Edition v.1.4.6

---