Watching What Your Computer Is Doing

Your computer, as it runs the many programs that you (or others) start on it, and as it accesses other computers on your local or wide area network, is very busy. Even when you aren't doing anything intentionally, it is still busy. Sometimes, knowing exactly what your computer is doing at a given moment is a critical need.

Many years ago, a computer would be pictured in a movie as a big metal box with lots of flashing lights. Those lights were used, at that time, to tell what the computer was doing. Those computers ran very slowly (sometimes not at all), and the flashing lights were critical to knowing what was going on at any moment.

The equivalent of a Blue Screen Of Death was known (among other terms, some of which won't ever be discussed here) as a Hard Stop. When a Hard Stop occurred (which could be many times a day, depending upon what programs were running), the lights were used to show what the computer had been doing, and to display the contents of memory and registers.

Today, no computer could drive enough lights to tell you anything useful. You typically have three lights on your computer, and they tell you only that the computer is doing something. Period.

  1. Disk activity.
  2. Network activity.
  3. Power.

If you want to have any idea what your computer is doing, you'll have to at least list the tasks it's running. Task Manager, which Microsoft ships with Windows, will do that. Process Explorer (free, from SysInternals) is better than Task Manager: it shows the parent/child process tree, each process's image path and command line, and the DLLs and handles each process holds.

But knowing what tasks are running won't tell you very much. How do you know what each task is doing? I use Filemon and Regmon (both free, and both again from SysInternals). Both have since been retired in favour of Process Monitor (Procmon, also free from SysInternals), which combines the two in one tool with the same kind of per-process filtering, so the procedure below carries over to it.

  • Filemon lists files as they are accessed (read and/or written) by any given process.
  • Regmon lists registry keys and values as they are accessed (read and/or written) by any given process.

You can use both programs simultaneously, or either program separately, at your convenience.

  1. Open the application that interests you.
  2. Identify the application in Process Explorer and note its PID. If you aren't sure which entry is yours, drag the Find Window's Process crosshair from the Process Explorer toolbar onto the application's window, and Process Explorer will select the entry for you.
  3. Start Filemon and/or Regmon.
  4. In either program, create a filter of ":PID", where PID is the number you found. Filemon and Regmon show each process as name:PID, so this string matches that one process and nothing else.
  5. Go back to your application, perform the action you want to observe, and watch what Filemon / Regmon displays.
  6. When you find an interesting entry in Filemon, double-click it to open Windows Explorer on the folder containing that file.
  7. When you find an interesting entry in Regmon, double-click it to open Regedit on the registry key or value in question.
  8. The filter used by Filemon and Regmon is very simple: it is a plain text string matched against the displayed entries. If you know a process name, or a file or registry path, you can filter on whatever you know. Use your imagination.
  9. Both Filemon and Regmon offer a context menu (right mouse click) on displayed entries, and a toolbar with several other options. Both can display changes continuously (scrolling automatically as you watch), or let you freeze the display and scroll manually, at your convenience.
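
Once you have captured a trace with the steps above, you will usually want a summary rather than thousands of scrolling lines. The script below is an added example, not code from the original post or from SysInternals: it reads a saved trace and does the same per-PID filtering offline, splitting one process's activity into registry and file reads and writes, keeping the failed accesses (which show where a program looked for a file or key it did not find), and pulling out any writes to the Run autostart keys, which are the entries worth double-clicking first. It assumes the CSV column layout that Process Monitor's File > Save > CSV produces ("Time of Day","Process Name","PID","Operation","Path","Result","Detail"); a Filemon or Regmon log carries the same fields in its own tab-separated layout and would need a different reader. The sample rows are constructed for illustration, not captured from a real system.

```python
import csv
import io

# Constructed sample export (not a real trace). The column layout mirrors what
# Process Monitor writes with File > Save... > CSV. PID 4120 is the process we
# care about; explorer.exe (PID 1560) is noise that the filter must drop.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1001","sample.exe","4120","RegOpenKey","HKCU\\Software\\Sample","SUCCESS","Desired Access: Read"
"10:01:02.1002","sample.exe","4120","RegQueryValue","HKCU\\Software\\Sample\\Server","SUCCESS","Type: REG_SZ, Length: 24, Data: srv01"
"10:01:02.1003","sample.exe","4120","CreateFile","C:\\Users\\me\\config.ini","SUCCESS","Desired Access: Generic Read"
"10:01:02.1004","sample.exe","4120","ReadFile","C:\\Users\\me\\config.ini","SUCCESS","Offset: 0, Length: 4,096"
"10:01:03.2000","explorer.exe","1560","CreateFile","C:\\Windows\\System32\\shell32.dll","SUCCESS","Desired Access: Read Attributes"
"10:01:05.0001","sample.exe","4120","CreateFile","C:\\Users\\me\\output.log","SUCCESS","Desired Access: Generic Write"
"10:01:05.0002","sample.exe","4120","WriteFile","C:\\Users\\me\\output.log","SUCCESS","Offset: 0, Length: 512"
"10:01:05.0003","sample.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SampleUpdater","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\\Users\\me\\sample.exe"
"10:01:06.0000","sample.exe","4120","CreateFile","C:\\Users\\me\\missing.ini","NAME NOT FOUND","Desired Access: Generic Read"
'''

# Operations that change state on disk or in the registry. Anything else is
# treated as a read/query.
WRITE_OPS = {
    "WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile",
    "RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue",
}

# Well-known autostart location (substring, case-insensitive); covers both the
# Run and RunOnce keys under HKCU and HKLM.
AUTOSTART_MARKERS = ("\\microsoft\\windows\\currentversion\\run",)


def parse_trace(text):
    """Parse a CSV export into a list of dict rows keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def is_write(row):
    """True if the event modifies something. A CreateFile that asks for write
    access counts as well, even before the first WriteFile arrives."""
    if row["Operation"] in WRITE_OPS:
        return True
    return row["Operation"] == "CreateFile" and "Write" in row["Detail"]


def summarize_pid(rows, pid):
    """Group one process's activity (the ':PID' filter, done offline) into
    registry/file reads and writes, plus the accesses that failed."""
    pid = str(pid)
    summary = {
        "registry_read": set(), "registry_write": set(),
        "file_read": set(), "file_write": set(),
        "failed": set(),
    }
    for row in rows:
        if row["PID"] != pid:
            continue
        if row["Result"] != "SUCCESS":
            summary["failed"].add((row["Operation"], row["Path"], row["Result"]))
            continue
        kind = "registry" if row["Operation"].startswith("Reg") else "file"
        mode = "write" if is_write(row) else "read"
        summary[f"{kind}_{mode}"].add(row["Path"])
    return summary


def autostart_writes(summary):
    """Registry writes under the Run/RunOnce keys: these survive a reboot, so
    they are the entries to open in Regedit first."""
    return sorted(path for path in summary["registry_write"]
                  if any(marker in path.lower() for marker in AUTOSTART_MARKERS))


if __name__ == "__main__":
    rows = parse_trace(SAMPLE_CSV)
    s = summarize_pid(rows, 4120)
    for key in ("registry_read", "registry_write", "file_read", "file_write"):
        print(f"{key}:")
        for path in sorted(s[key]):
            print(f"  {path}")
    print("failed:")
    for op, path, result in sorted(s["failed"]):
        print(f"  {op} {path} -> {result}")
    print("autostart writes:", autostart_writes(s))
```

To use it on a real capture, replace SAMPLE_CSV with the contents of the file you saved from Process Monitor and pass the PID you read off Process Explorer. The failed set is deliberately kept separate from the reads: a program that probes for a config file or DLL in a directory you can write to is exactly the kind of detail a per-PID filter exists to surface.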