Determine Program Path from Task Manager for Running Process
Task Manager is a very useful utility built-in to the Windows operating system that can be launched from a few different methods such as right clicking on task bar and selecting “Start Task Manager”, pressing Ctrl+Shift+Esc, running taskmgr.exe, from start menu and etc. For computer beginners, Task Manager is mostly used to forcefully end a process that is not responding or hung. For advanced users, it can be used to look for suspicious running processes.
The Task Manager in Windows XP has very limited functionality. First of all, there is no easy way to determine the program path for running process because it only shows the image name and you’ll have to perform a search on the whole hard drive to look for the filename. Although it is possible to display more information about the process in Task Manager from View > Select Columns, there is not even an option to display the program path from the 24 available options.
It is important to know the exact path to a running process because a malicious software can trick a user into thinking that it is a legitimate process by impersonating the filename, but located at a different path. In this article we’ll show you a couple of different ways to easily determine the program path for running processes shown in Task Manager.
The Windows Task Manager in XP does not support displaying the program path. There is however a workaround which is to display the PID (Process ID) from task manager by going to View menu bar, select “Select Columns”, tick the PID (Process Identifier) checkbox and click OK. Now you should see an additional PID column showing up in the Processes tab of Task Manager.
Now press Win+R, type msinfo32.exe into the Run dialog box and click OK which will run the System Information program. Expand Software Environment > Running Tasks and take note of the Process ID column. All you need to do is match the PID number from the Task Manager with the Process ID in System Information. The Path column will show the program’s path.
A lot of improvements has be made for Task Manager in Windows 7. It is able to show the “real” memory usage and also support showing of the program’s path. Click on View at the menu bar, select columns, tick the “Image Path Name” checkbox and click OK.
The Task Manager in Windows 8 shows fewer details by default but still can be used to determine the program’s path. The first method is to right click on the process at Task Manager and select the “Open file location” option that will launch Windows Explorer with the program’s path. Alternatively you can also select “Properties to bring up the program’s properties which shows the location of the program.
Now if you click the “More Details” button, the simple Task Manager will be transformed into a more comprehensive mode that shows a lot more detailed information such as performance, app history, startup-up, services and etc.
At the Processes tab, you can show the program path by right clicking at the top column and select “Command line”. At the Details tab, you can also right click at the top column and choose “select columns”. Both “Image path name” and “Command line” option is able to show the process program path.
Most if not all of third party task management tools should be able to support showing of the process path. One good example is DTaskManager that shows the full path of the process at the main GUI without requiring any configuration.
For advanced malware that hides deep in the operating system using rootkit technology, it is impossible for these normal third party task management software such as the DTaskManager to detect and list the process in the program. You will need to rely on a more powerful anti rootkit tool such as PowerTool that also works at the same level as the rootkit malware to detect the hidden process.
You might also like:
7 Task Management Tools that can Replace the Windows Task Manager
Kill Processes From an Excel Spreadsheet Based Task Manager
Fix Windows Task Manager With Missing Tabs and Menu
Find Out the Command Line Location When Windows Opens a Process
10 Tools to Easily Determine If a Specific Process is Secretly Accessing the Internet
Thanks bro
thanks dude
thanks ,,I too struggled along with the process,,,
Very useful post…Thanks Raymond.
simple, yet so useful! :)
thanks!
I like it thanks
you certainly have a way with computers man…keep up the good work..
This is fantastic. Thank you very much. I had a case today where there is a program in the process list using 50% cpu and I wanted to to know where it was launched from. Thank you again
Thanks you!!
Another nice post on your count!!!
Best regards.
Jose Martinez.
Thank you.
I knew that there had to be a way to find this information while not using a 3rd party program. After all, the OS developers had to use something and we all know how much XP is full of information (Bloat Ware). You just have to know where to find it.
Usually I use Process Explorer.
I run Process Explorer but this is still very useful to know.
Thanks.
Thx for the info.
Hi,
Thanks for the nice tip!!
have a nice day
Alan
Thanks.. this is very useful
Nice Topic, Good Job
Awesome, never knew that. Thanks
Thanks a lot..
I was looking this possibility since a long time……
:)
Thank you very much for the article.
Before, the same as you do, I’m search for the entire system drive to locate the running process.
I never know this before that you can use built in system information.
I used DTaskManager for this kind of task, and you can use this to replace task manager in windows XP.
good article , thx for the info.
Thanks for very useful tip. I also used to search the process name throughout the entire C drive and sometimes found that executable was running from D drive (malware). Your tip will help me better diagnose on XP platform.