› Q: I want to track the startup times of each running process, but Task Manager does not list the creation date/time of processes. Is there a way to list processes running in the system with their creation time?
This is possible. Here a some options that I can think of:
OPTION 1: USING PROCESS EXPLORER
Process Explorer is an excellent tool from Microsoft Sysinternals which shows a list of the currently active processes, along with many other important details. To view the process creation time, click the View menu in Process Explorer, and click Select Columns… In the Process Performance tab, place a checkmark near the option Start Time, and click OK.
Now you’ll see an additional column named Start Time.
OPTION 2: USING WMI
Another option to get the list of running processes (along with their creation time) is using WMI. (Hint: CreationDate property in the Win32_Process class.)
Here is a small script:
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objNewFile = objFS.CreateTextFile("ProcessList.txt")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set dtmInstallDate = CreateObject( _
"WbemScripting.SWbemDateTime")
Set colProcesses = objWMIService.ExecQuery( _
"select * from win32_process" )
For Each objProcess in colProcesses
strOutput = strOutput & _
objProcess.Name & " (" & objProcess.ProcessID & ")"
If objProcess.CreationDate <> "null" Then
strOutput = strOutput & vbTab & _
getmytime(objProcess.CreationDate)
End If
If objProcess.ExecutablePath <> "null" Then
strOutput = strOutput & vbTab & _
objProcess.ExecutablePath
End If
strOutput = strOutput & vbCrLf
Next
objNewFile.WriteLine strOutput
Function getmytime(wmitime)
dtmInstallDate.Value = wmitime
getmytime = dtmInstallDate.GetVarDate
End Function
INSTRUCTIONS
Copy the above code to Notepad and save the file as Proclist.vbs. Double-click the file to execute it, and it creates a text file named ProcessList.txt in the same folder where the script resides.
The text file contains the list of process names with their creation times, sorted in chronological order.
OPTION 3: Using WMIC (command-line tool)
Before proceeding, you should that the WMIC utility is not be available in the Home editions of Windows XP and Windows Vista Operating Systems. If your edition of Windows XP/Vista includes WMIC.EXE (in the C:\Windows\System32\WBEM folder), then read below:
To get the list of running processes with their creation times, open a Command Prompt window (CMD.EXE) and type the following command:
Press ENTER. You’ll see output similar to below:
20080404070521.343750+330 services.exe
20080404070521.484375+330 lsass.exe
20080404070524.875000+330 svchost.exe
Note that the time and date are displayed in WMI’s default format. You’ll need to convert it to the standard format which we use. This is quite easy. For more information, see article Converting WMI Dates to a Standard Date-Time Format at the Microsoft Windows Scripting Guide Website.
Bookmark this Page!
BlinkList | del.icio.us | Digg it | Furl | reddit | Spurl | StumbleUpon |
Related Posts
- Configure Task Manager to Display Full Path of Running Processes
- View the List of Services Hosted by the Svchost.exe Process Using Task Manager in Windows 7 and Vista
- Why There Are Two Instances of Sidebar.exe Running
- Multiple Instances of iexplore.exe Run When Using Internet Explorer 8
- How to Start Vista Task Manager in Elevated Mode by Default
- Add Word 97-2003 to the New Menu After Installing Office 2007
- Microsoft Time Zone: Keep Track of the Time in Other Parts of the World
- Restore Point Creation Disabled by Group Policy
- How to Create a System Repair Disk in Windows 7 and Vista
- How to Run Disk Defragmenter on a Remote Computer
If you enjoyed this post, make sure you subscribe to our RSS feed! We feature Tips, Troubleshooting information, Scripts and Utilities for Microsoft Windows Operating Systems!
Prefer an E-mail subscription?
