Watching What Your Computer Is Doing

Your computer, as it runs the many programs that you (or others) start on it, and access other computers on your local or wide area network, is very busy. Even when you aren't doing anything intentionally, your computer is still busy. Sometimes, knowing what your computer is actually doing, at any time, is a critical need.

Long years ago, a computer would be pictured in a movie as a big metal box, with lots of flashing lights. Those lights were used, at that time, to tell what the computer was doing. Those computers ran very slowly (sometimes, not at all), and the flashing lights were critical to knowing what was going on, at any time.

The equivalent of a Blue Screen Of Death was known as (among other terms, some of which won't ever be discussed here) a Hard Stop. When a Hard Stop occurred (which could be many times / day, depending upon what programs were running), the lights would be used to describe what the computer had been doing, and to display the contents of memory and registers.

Today, no computer could ever drive enough lights to tell you anything useful. You typically have three lights on your computer. These lights tell you that the computer is doing something, Period.

1. Disk activity.
   
2. Network activity.
   
3. Power.
   

If you want to have any idea what your computer is doing, you'll have to at least list the tasks it's running. Task Manager is provided as a native component in Windows. Process Explorer (free) from the SysInternals division of Microsoft, provides more detail than Task Manager.

Knowing what tasks are running is a good place to start, but it's only a start. How do you know what each task is doing? I use Filemon and Regmon (both free, and both again from SysInternals).

• Filemon lists files, as accessed (read and / or written) by any given process.
  
• Regmon lists registry values, as accessed (read and / or written) by any given process.
  

You can use both programs simultaneously, or either program separately, at your convenience.

1. Open the application that interests you.
   
2. Identify the application in Process Explorer, and get its PID. Maybe use the Process Finder to automatically locate the entry for any visible window.
   
3. Start Filemon / Regmon.
   
4. Create a filter in either application, ":PID" where PID is the PID of the application in question.
   
5. Go back to your application, make the change, and watch what Filemon / Regmon displays.
   
6. When you find an interesting entry in Filemon, you can double click on it, to open Windows Explorer, and display the folder containing it.
   
7. When you find an interesting entry in Regmon, you can double click on it, to automatically open Regedit, and display the registry entry in question.
   
8. The filter used by Filemon and Regmon is very simple, and easy to use - it's a simple text string. If you know a process name, or file or registry path, you can filter on whatever you know. Use your imagination.
   
9. Both Filemon and Regmon use a context menu (right mouse click) for displayed entries, and a toolbar with several other possibilities. Both can display changes continually (automatically scrolling as you watch), or will let you freeze the display, and manually scroll, at your convenience.
   

Besides knowing what your computer is doing right now, it is useful sometimes to know what your computer did when it started up. A lot of processes - legitimate, not legitimate, and some in between the two, are started, by other processes, when the computer starts up. Knowing how any process starts up can be important to knowing what it's doing right now. Autoruns (another SysInternals product) and HijackThis are key tools (both free) that I use for this purpose.

Now all of the above tools are used to monitor your computer, and what it's doing on its own. Most computers are used on a network, and make connections to other computers. TCPView, another SysInternals product, shows you what other computers your computer is connected to, local and distant.

If your computer uses WiFi for connectivity, knowing who shares the WiFi spectrum with you could be relevant.

And remember that most computers running Windows contain some server functionality. If your computer is on a local network with other Windows computers, sometimes knowing who else is accessing it is useful too.

>> Top