29 December 2009

15 Task Manager tips for a faster PC



At first glance Task Manager looks like nothing more than a geeky way to tell you what you already know, the names of the programs running on your PC.

Explore out favourite Task Manager tricks, though, and you'll find all kinds of options for monitoring your system, detecting and resolving problems, especially in its most modern Windows Vista/Windows 7 incarnation. Here's what you need to know.

1. Browse your processes

Press Ctrl+Shift+Esc to launch Task Manager. By default the first thing you'll see is the Applications tab, but this is misleadingly named and of little much use as it just lists top-level windows. If you want to see what's actually running on your PC then click the Processes tab, click "Show processes from all users", and scroll down the list. If you don't know what a process is then right-click it and select Properties to get more information, such as the folder where it's stored, which will usually offer additional clues.

2. Troubleshoot startup problems

Windows Media Player is known to crash from time to time (you may have noticed this). Occasionally it'll crash without having any visible window, though, so you won't see there's a problem. Then, when you come to restart the program, nothing will happen because it's blocked by the crashed copy in RAM.

If you find Windows Media Player won't launch, then, fire up Task Manager, click the Processes tab and look for a WMPlayer.exe process. If you find one, and there's no window, then it's probably crashed. Right-click it in Task Manager, select End Process, and once it's shut down you should be able to start Media Player as normal.

Much the same problem can happen with other applications, so if something won't start, or is just misbehaving, then it's always a good idea to look for previous instances of the program. Don't use the "End Process" on anything unless you're 110% sure that it's safe to do so, though - terminating something system-critical can lock up or crash your PC immediately.

3. View memory use


It's often interesting to see which programs are using all your RAM. To find out, click the Processes tab, then click View > Select Columns, and ensure Memory - Working Set and Memory - Private Working Set are checked. You'll now see two estimates for your processes use of RAM.

The first, "Memory - Working Set" shows you how much physical memory is currently being taken up by each process. Some of this RAM may be shared by other processes, though (shared DLLS, for instance) so this figure tends to overestimate memory use.

The second, "Memory - Private Working Set" shows you how much physical memory this process alone is using (that is, it can't shared with anyone else). It will almost certainly consume additional RAM, though, so this figure tends to underestimate memory use. It's a little more reliable than the Working Set alone, but really you need to see both.

Now click the "Memory (Private Working Set)" column header so the largest figures are at the top. You'll immediately get a good feel for where your RAM is going, and which programs (if any) you need to close or tweak to get some of it back.



RAM HOGS: Find out which programs are hogging your RAM in seconds

4. Identify RAM-hogging services

Your list of processes should contain many called svchost.exe (if not, then you've not clicked "Show processes from all users"). This is the service host, a process that's used to run several Windows services. But what if this turns out to be grabbing large amounts of RAM? Which services might be to blame?

To find out more, right-click a particular svchost.exe and select Go To Services. Task Manager will open the Services tab and all the services managed by this particular instance of svchost.exe will be highlighted. Task Manager has no way to tell you how much each RAM each of the services are consuming individually, unfortunately, but this does at least greatly reduce your options. (And a hint: in most Windows Vista installations, ReadyBoost is by far the greatest resource-hogging service.)

5. Diagnose disk thrashing

Ever wondered exactly why your hard drive's been thrashing for ages, even though there's no-one at the PC? Click the Task Manager Processes tab, then click View > Select Columns, and check I/O Read Bytes and I/O Write Bytes. Click OK.

The new columns will show you the total amount of data read or written by a process, which applies to network activity as well as your hard drive. The busiest processes will have the largest figures, and if a process is active now then its totals will tick up as you watch.

6. Spot resource leaks

Sometimes processes grab more and more Windows resources, without ever quite getting around to releasing them. 32-bit Windows in particular has only a limited supply, and if this goes on for too long then your PC will become unreliable, then eventually lock up or crash.

Task Manager can help you spot a resource leak, though. Click the Processes tab, then click View > Select Columns, check Handles, User Objects and GDI Objects, and click OK. Now check these occasionally, along with the memory figures we mentioned earlier. Some of these may rise dramatically, on occasions - an antivirus tool will use many more handles when scanning, for instance, as they're used when accessing files - but if a particular resource figure is high, keeps rising, and never falls back to its starting point, then you may have a problem.

7. Stop a runaway process

If a particular process has gone rogue, using all your CPU time and reducing everything else to a crawl, then Task Manager may be able to help.

First, press Ctrl+Shift+Esc and wait for Task Manager to appear. If your runaway process is completely tying up the CPU then this can take a while, but if you don't want to reboot (you've an application with unsaved data, say) then be patient. We'd give it at least 10 or 15 minutes.

When Task Manager appears, look for the process consuming all your CPU time (click Processes, then click View > Select Columns and check CPU if that column isn't displayed). If you want to kill the process completely, then you could right-click it, select End Process and it'll die (most of the time).

This doesn't always work out as you expect, though. If the process is system-critical, maybe a Windows component, then terminating it may crash your system immediately (and it always introduces a risk of system instability). If you've data you need to save elsewhere then it may be better to try and slow down the rogue process, reduce its grab on your resources, so you can use other programs again and close everything down properly. Fortunately Task Manager can help here, too.

Right-click your CPU-hogging process, select Set Priority > Low, and Windows should immediately give more CPU time to just about everything else on your PC. The program will still be running, it just shouldn't interfere with other apps to the same degree, and they should be accessible again.

If there are still problems, right-click the process and select Set Affinity. This option lets you decide which CPU cores a process can use. If you clear one of these then that core will become available to other applications, which should significantly improve their performance.

8. Understand CPU utilisation

Occasionally your PC will seem slow, as though something is using all your CPU time, but the regular CPU column won't display an obvious candidate. So what's going on?

Launch Task Manager, and click the Performance tab to see a graph of your CPU Usage History: it's pretty, but there's more to it than that. Click View and select Show Kernel Times (so it's checked). What you'll now see is two graph lines: one green, representing total CPU utilisation, and one red, representing the time consumed by the kernel.

When the green peaks are high, red peaks low then the culprit is a user mode process, probably just a regular application. But if the red peaks are consistently high then that shows your CPU time is being grabbed by something in the kernel, probably a driver, but perhaps also a Windows component, ma
FIND THE CULPRIT:Is a buggy driver grabbing too much CPU time? The Performance graph can offer useful clues

9. Create a dump file


If a program has locked up then you may able to use the Windows Debugging Tools to find out why.

Launch Task Manager first, click the Processes tab, right-click the hung process and select Create Dump File. When the process file has been written then Task Manager will give you its name and location.

Then launch the debugger WinDbg, and click File > Open Crash Dump File. Entering the analyze -hang command may tell you more about why a program has locked up, and if not then you can always use other debugger commands to tell you more about the process, its use of RAM, and so on (see the debugger documentation for details).

10. Control your services

If you need to stop or start a Windows service then you could launch the Services applet (services.msc). But why bother? In Windows Vista or 7 it's much quicker to do it from Task Manager. Just click the Services tab, right-click the service you need, and choose the Start or Stop option.

Be careful, though - stopping a critical Windows service can result in your PC locking up immediately (and tinkering with some third-party services is almost as serious). Don't try this unless you know exactly what you're doing.

11. Restart Explorer


Have the taskbar and desktop disappeared for no apparent reason? Explorer has probably crashed: press Ctrl+Shift+Esc and press the Processes tab to check for yourself. If Explorer.exe isn't listed then click File > New Task, type Explorer.exe and click OK to restart it.

Or, if Explorer won't start, your system is generally trashed and you'd like to reboot gracefully, then enter the command shutdown -r and your system should restart.

12. Discover system information

Launching Task Manager and clicking the Performance tab will reveal the total amount of RAM installed in your PC (check the Total in the Physical Memory box).

And the Up Time figure in the System Box tells you how long it's been since you last restarted Windows. The longer this is, the more likely that resource leaks or other issues will begin to cause problems. If your PC's been running for several days, and you're noticing odd behaviour, then consider rebooting - it just might help.

13. Monitor network utilisation

Click the Task Manager Networking tab and you'll see a graph that tracks your current network use over time. This can be useful if you've a network-hogging process that fires on a regular basis, for instance, as you should see a spike on the chart.

Click Options > Tab Always Active if you want Task Manager to keep collecting network usage data, even when the tab isn't displayed. Click View > Update Speed > Low to reduce the sampling time, which allows you to squeeze more minutes of activity onto a single screen. And click View > Network Adapter History to choose exactly what you'd like to graph: the bytes sent, received, or their total.

14. Talk to network users

If you're working on a networked PC then you may want to warn anyone browsing your system that you're about to reboot, close a process or do something else potentially dodgy. Click the Users tab to see who else is connected to your PC right now. By default you'll only see their user name - click Options > Show Full Account Name to see their network PC name, too. Then right-click a user and select Send Message to issue a warning, or Disconnect to kick them off immediately.

15. Use something better

Learning the Task Manager basics is important, as they'll let you diagnose problems on just about any PC. But the tool can only take you so far, and for really in-depth information and control over your applications you'll want to use something better. Process Explorer is the best known alternative and an excellent tool, but Process Hacker is also worth a look - if anything, it's even more powerful.

ABOUT THE AUTHOR
AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer. Follow 'AbhiShek SinGh' on Facebook , Twitter or Google+ or via Email

Subscribe to stay up to date