List running processes and their creation times
Q: I want to track the startup times of each running process, but Task Manager does not list the creation date/time of processes. Is there a way to list processes running in the system with their creation time?
This is possible. Here a some options that I can think of:
OPTION 1: USING PROCESS EXPLORER
Process Explorer is an excellent tool from Microsoft Sysinternals which shows a list of the currently active processes, along with many other important details. To view the process creation time, click the View menu in Process Explorer, and click Select Columns… In the Process Performance tab, place a checkmark near the option Start Time, and click OK.
Now you’ll see an additional column named Start Time.
OPTION 2: USING WMI
Another option to get the list of running processes (along with their creation time) is using WMI. (Hint: CreationDate property in the Win32_Process class.)
Here is a small script:
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objNewFile = objFS.CreateTextFile("ProcessList.txt")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set dtmInstallDate = CreateObject( _
"WbemScripting.SWbemDateTime")
Set colProcesses = objWMIService.ExecQuery( _
"select * from win32_process" )
For Each objProcess in colProcesses
strOutput = strOutput & _
objProcess.Name & " (" & objProcess.ProcessID & ")"
If objProcess.CreationDate <> "null" Then
strOutput = strOutput & vbTab & _
getmytime(objProcess.CreationDate)
End If
If objProcess.ExecutablePath <> "null" Then
strOutput = strOutput & vbTab & _
objProcess.ExecutablePath
End If
strOutput = strOutput & vbCrLf
Next
objNewFile.WriteLine strOutput
Function getmytime(wmitime)
dtmInstallDate.Value = wmitime
getmytime = dtmInstallDate.GetVarDate
End Function
INSTRUCTIONS
Copy the above code to Notepad and save the file as Proclist.vbs. Double-click the file to execute it, and it creates a text file named ProcessList.txt in the same folder where the script resides.
The text file contains the list of process names with their creation times, sorted in chronological order.
OPTION 3: Using WMIC (command-line tool)
Before proceeding, you should that the WMIC utility is not be available in the Home editions of Windows XP and Windows Vista Operating Systems. If your edition of Windows XP/Vista includes WMIC.EXE (in the C:\Windows\System32\WBEM folder), then read below:
To get the list of running processes with their creation times, open a Command Prompt window (CMD.EXE) and type the following command:
Press ENTER. You’ll see output similar to below:
20080404070521.343750+330 services.exe
20080404070521.484375+330 lsass.exe
20080404070524.875000+330 svchost.exe
Note that the time and date are displayed in WMI’s default format. You’ll need to convert it to the standard format which we use. This is quite easy. For more information, see article Converting WMI Dates to a Standard Date-Time Format at the Microsoft Windows Scripting Guide Website.
RELATED POSTS
- Configure Task Manager to display full path of running processes
- Why there are two instances of Sidebar.exe running
- How to Print the Windows Update history in Vista
- Know which devices can wake up your PC from Sleep mode
- How to run Disk Defragmenter on a remote computer
Bookmark this Page!BlinkList | del.icio.us | Digg it | Furl | reddit | Spurl | StumbleUpon | Wink |
If you enjoyed this post, make sure you 
Prefer an E-mail subscription?