Determine Program Path from Task Manager for Running Process

Task Manager is a very useful utility built-in to the Windows operating system that can be launched from a few different methods such as right clicking on task bar and selecting “Start Task Manager”, pressing Ctrl+Shift+Esc, running taskmgr.exe, from start menu and etc. For computer beginners, Task Manager is mostly used to forcefully end a process that is not responding or hung. For advanced users, it can be used to look for suspicious running processes.

The Task Manager in Windows XP has very limited functionality. First of all, there is no easy way to determine the program path for running process because it only shows the image name and you’ll have to perform a search on the whole hard drive to look for the filename. Although it is possible to display more information about the process in Task Manager from View > Select Columns, there is not even an option to display the program path from the 24 available options.

It is important to know the exact path to a running process because a malicious software can trick a user into thinking that it is a legitimate process by impersonating the filename, but located at a different path. In this article we’ll show you a couple of different ways to easily determine the program path for running processes shown in Task Manager. The Windows Task Manager in XP does not support displaying the program path. There is however a workaround which is to display the PID (Process ID) from task manager by going to View menu bar, select “Select Columns”, tick the PID (Process Identifier) checkbox and click OK. Now you should see an additional PID column showing up in the Processes tab of Task Manager.

Now press Win+R, type msinfo32.exe into the Run dialog box and click OK which will run the System Information program. Expand Software Environment > Running Tasks and take note of the Process ID column. All you need to do is match the PID number from the Task Manager with the Process ID in System Information. The Path column will show the program’s path.

A lot of improvements has be made for Task Manager in Windows 7. It is able to show the “real” memory usage and also support showing of the program’s path. Click on View at the menu bar, select columns, tick the “Image Path Name” checkbox and click OK.

The Task Manager in Windows 8 shows fewer details by default but still can be used to determine the program’s path. The first method is to right click on the process at Task Manager and select the “Open file location” option that will launch Windows Explorer with the program’s path. Alternatively you can also select “Properties to bring up the program’s properties which shows the location of the program.

Now if you click the “More Details” button, the simple Task Manager will be transformed into a more comprehensive mode that shows a lot more detailed information such as performance, app history, startup-up, services and etc.

At the Processes tab, you can show the program path by right clicking at the top column and select “Command line”. At the Details tab, you can also right click at the top column and choose “select columns”. Both “Image path name” and “Command line” option is able to show the process program path.

Most if not all of third party task management tools should be able to support showing of the process path. One good example is DTaskManager that shows the full path of the process at the main GUI without requiring any configuration.

For advanced malware that hides deep in the operating system using rootkit technology, it is impossible for these normal third party task management software such as the DTaskManager to detect and list the process in the program. You will need to rely on a more powerful anti rootkit tool such as PowerTool that also works at the same level as the rootkit malware to detect the hidden process.