Microsoft® Windows® 2000 Scripting Guide
Users tend to think of software in terms of shrink-wrapped boxes bought at the local computer store. System administrators tend to think of software as something that needs to be installed, upgraded, and, on occasion, removed. Few people think of software as a dynamic entity that needs to be monitored and managed in the same way you need to monitor and manage such things as printers, disk drives, or services.
Managing software that is actually running, as opposed to software that is simply waiting to be installed, upgraded, or removed, is a very important, yet often overlooked, system administration task. This type of management (often referred to as process management) helps ensure that your computers run efficiently and effectively, and that they run legally as well. Software that is not running as expected might use up a disproportionate amount of system resources; in fact, a single errant process could exhaust all available memory and bring a computer to a halt. Unlicensed (and thus illegal) software running on a system might have ramifications that go much further.
Scripting can be used to help keep track of the software running on a computer, to help ensure that this software runs efficiently, and to stop and start software as needed. All of these activities fall under the umbrella of process management.
What Is a Process?
A process is a running instance of an application or executable file, along with all the system resources that have been allocated to that instance. In general, a process is equivalent to a single application or service; for example, Microsoft® Word runs in the Winword.exe process.
A script is not equivalent to a process. Instead, each script runs in an instance of the scripting host process; each time you run a VBScript script, an instance of either Wscript.exe or Cscript.exe is started. If you start five scripts, the Task Manager lists five instances of Wscript.exe. It does not list the names of the individual scripts running in each of these processes.
To a user, a process appears as a single entity (such as Winword.exe). The operating system, however, takes a very different view of processes. It is this view that helps explain how processes work and, equally important, what happens when they do not work.
How Processes Work
Each process is composed of a set of threads. A thread is a unit of work that runs simultaneously with other units of work on the computer; each process must have at least one thread.
Threads represent the basic unit of execution in the Windows 2000. When a thread starts, the Windows 2000 Memory Manager allocates enough physical memory and page file space to allow the thread to run. While a thread is running, it can request additional memory to enable it to complete its task. When a thread ends, it releases the memory it was using back to the Memory Manager for reallocation.
Memory is also allocated based on the number of threads spawned by each process. For example, consider a computer running two processes. Process A has 5 threads, and Process B has 15 threads. Assuming the two processes have equal priority, Process A is allocated 25 percent (5 / 20) of the memory being used and Process B is allocated 75 percent (15 / 20) of the memory being used.
This method of thread allocation helps ensure that applications receive the memory they need. However, this same method can also result in memory leaks. A memory leak occurs when an application receives an increasing amount of memory but does not relinquish that memory back to the Memory Manager. This typically happens when a process creates threads but does not destroy those threads when they have finished their work. This disrupts memory allocation in two ways:
Each thread that is created is allocated a certain amount of memory. If the thread is not destroyed, that memory is retained by the process and is not reallocated.
The number of threads created by a process determines how much memory is allocated to the process. If a process continually creates threads without destroying them, the number of threads owned by that process keeps increasing and the process receives a disproportionate share of memory.
If left unchecked, a single process can eventually exhaust the supply of available memory, causing the system to fail. This alone provides an important reason for carefully monitoring and managing the processes running on your computers.