Targeting the obscure.
Yes, and it’s useful about 90% of the time.
I’ll show you how and explain why getting the answer isn’t always helpful.
Become a Patron of Ask Leo! and go ad-free!
Where'd this window come from?
Process Explorer, from SysInternals Tools in the Microsoft store, has a tool that will identify the specific process responsible for displaying a window. Most of the time, dragging and dropping the Process Explorer target icon onto the window in question will tell you exactly what you need to know.
The utility is Microsoft’s free Process Explorer. If you haven’t already done so, install the free SysInternals Tools from the Microsoft store. After you install SysInternals Tools, Process Explorer will appear on the Start menu.
It’s a utility I use so often that I have a shortcut to it on every Windows machine I run.
Once running, what I’ll call a “sonar” or “target” icon appears in its menu bar.
Right-click and hold on that icon.
Now drag and drop that “target” icon on top of the window whose owner you’re trying to identify.
Process Explorer will highlight the process that owns that window in its list of running processes.
That’s all it takes to determine what program running on your computer is responsible for displaying the window you’re interested in. Here’s an animation of the process.
Not always helpful
For many running programs, Process Explorer can tell you exactly what you need to know. Admittedly, most programs are supposed to identify themselves in their title bars, so you shouldn’t need to jump through this hoop, but not all are obvious.
The problem is when you drop the target onto a window or message box and Process Explorer highlights svchost.exe.
As we’ve discussed before, svchost.exe, or “Service Host“, is a general-purpose program Windows uses internally to run many different (and possibly unrelated) services. Knowing that a message or window is displayed by svchost.exe is interesting, perhaps, but it doesn’t tell you which service actually caused that message to appear.
Knowing that it’s svchost and using Process Explorer to at least identify the services being provided might be enough of a clue. If not, the next step would be to search the internet for any identifying text in the message or window that you’re trying to identify, along with the keyword “svchost”.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!