What's running? Use What's Running

The company that published that tool, Sysinternals, is now owned by Microsoft and a much improved version of Process Explorer can be found on the Microsoft Sysinternals Web site.

We just discovered a similar tool for people struggling with Windows systems: What's Running, published by Christer Fahlgren. What's Running works with Windows 2000, XP and 2003, and is very ambitious in its efforts to extract as much information as possible from a Windows system.

For the most part, What's Running uses a two-column layout. The left column lists six views -- Processes, Services, Modules, IP Connections, Drivers and Startup -- and provides a set of snapshot functions that save the currently discovered data in an XML format. You also can reload previous snapshots and compare them with the current snapshot to show only the differences.

The right-hand column shows the data for the selected view, and all views can be configured to show as much or as little detail as needed. All views but Startup have an additional subcolumn to the right that shows the details of the currently selected item. There's also a set of tabs at the top that can be used to select the views and provide an additional view not listed in the left-hand column.

The Process view shows all processes. You can sort this or any view by any column. The Process view includes a hierarchical tree of the processes or an alphabetic list along with items such as Process ID and CPU utilization.

Selecting a process in the right column displays its details in the additional subcolumn, including the process's name, Dynamic Link Libraries (DLLs) used, parent process, processor use, memory use, handles used, services running within the process and IP connections in use.

The IP Connections view details remote connections of each running process as well as the process' name, ports used, what connections they are listening for and the connection's status.

The Services view shows what services are loaded, their status, services, type and so on, while the Modules view shows detailed information on all DLLs and EXEs in use and can directly open the folder where the module's file is located. It also provides the reverse of the Process view, finding all of the processes that have loaded a specific module.

The Drivers view shows information on all drivers, whether loaded or not loaded but registered. It also shows details about running drivers, such as file version, vendor name, dependencies and load order group.

As we noted, the Startup view doesn't have an extra column. In this view all startup items are listed, and you can enable or disable, edit, delete and create new startup items that are controlled by the registry or by the startup folder.

The final view, System Info, is selectable from the tabs but not the left-hand views column, and it doesn't have an extra column. It displays basic system information such as installed memory, processor and registered user.

What's Running provides a wealth of useful system information that, combined with the snapshot feature, makes for an incredibly useful system analysis and documenting tool. In use, What's Running is different from Process Explorer in that it imposes fairly significant processor overhead, making it much less suitable as a replacement for the Windows Task Manager.

What's Running is free for personal use and $25 for a single copy for business use.


Copyright © 2007 IDG Communications, Inc.
