Let's start with a short primer. Task Manager (Windows Task Manager) is a utility in the Windows operating system that displays the list of running processes and the resources they consume. It also offers a number of additional functions, including the ability to monitor the load on RAM, processes, network connections, etc.
In most cases, an ordinary user turns to the task manager only in emergency cases, when, for example, it is necessary to close an application that does not want to close using the standard method (that is, it is frozen).
What is the task manager for and how to start it
Task Manager (TaskManager, task manager) is a utility included in Windows operating systems. With its help, the user can:
- view the list of applications, processes, and system services running in the system;
- launch new tasks;
- terminate unnecessary or frozen processes, change their priorities;
- monitor the activity of your computer’s network connections;
- monitor system performance in real time, assessing the load on processor cores and the amount of RAM in use.
How to start
The easiest way to launch the task manager is to press the combination Ctrl+Shift+Esc on your keyboard.
The combination Ctrl+Shift+Esc opens the task manager window
Another option is to use the keyboard to access:
- Press Ctrl+Alt+Del.
- In the Windows Security screen that opens, click on “Start Task Manager.”
Launching Task Manager is at the very bottom of the list of available security screen commands
You can open Task Manager from the taskbar in two mouse clicks. Right-click an empty area of the taskbar, then left-click the “Start Task Manager” item in the context menu that opens.
To launch Task Manager, right-click on the taskbar and in the context menu that appears, select “Start task manager”
You can also launch it by the name of the Task Manager executable file.
- Open the Run window (Win+R).
- Write “taskmgr.exe” in it and click the “OK” button.
Type "taskmgr.exe" in the Run window and click OK
Create a shortcut on the taskbar
In order not to break your fingers with hotkeys and not constantly copy commands, you can make it even simpler - add the desired shortcut to quickly call the utility directly to the Taskbar. Make it easier than ever!
First, open Task Manager using any of the methods described above. Its window must appear on the Taskbar.
After that, right-click on it and select “Pin to panel...” from the context menu that appears.
Essential elements
The Windows 7 Task Manager window contains:
- Main menu;
- work area consisting of 6 tabs;
- status bar.
The status bar displays data on the number of running processes, the CPU load level, and the percentage of memory usage.
Information in the utility is grouped into six tabs
The Applications tab contains a list of all programs currently running on the computer, but does not show applications hidden in the system tray (for example, Punto Switcher or antivirus).
Below the table there is a row of buttons. The “End task” button allows you to forcefully terminate a frozen application. Please note that the application does not save any data when you terminate it this way. If the task does not clear, try using the context menu to go to the application process and end it.
To quickly find and “pull” to the top the window of the program you are interested in, select it in the table and click the “Switch” button.
The “New task...” button actually opens the “Run” window. Here you can run the application you need, even if Windows Explorer is damaged or unloaded. There is one more little trick. If you click on this button while holding down the Ctrl key, it will open not the “Run” window, but the command line. This may be useful if a virus has damaged the associations of executable EXE files in the system registry.
In the “Applications” tab, you can switch to the application you are interested in, remove it if necessary, and also launch a new task
The second tab “Processes” also provides a list of programs running in the system. It shows not only programs open on the desktop, but also minimized, hidden and system processes. For each process, the percentage of CPU time used, RAM consumption, the user owner of the process, and its text description are indicated.
For each process, data is provided on its use of processor time and RAM, as well as its description.
You can try to forcefully terminate any process, for example, if it places a heavy load on the central processor. However, you should be careful when closing system processes so as not to disrupt the normal operation of the system. To figure out exactly which process you need, use either its name, which is often similar to the name of the application (for example, the process “Photoshop.exe” corresponds to the application “Adobe Photoshop CC 2015”), or its description.
In addition to termination, you can change the priority value for any process using the context menu. A higher priority allows the specified process to be allocated more resources, causing it to run faster. By default, the system assigns the priority value “medium” to all processes launched by the user. It should be remembered that unreasonable distribution of priorities can lead to the crash of the OS if the system cannot obtain the required number of CPU time slices for the functioning of its services.
By default, all processes that the user starts are given a medium priority level by the OS.
The context menu item “Open file storage location” allows you to get to the directory in which the executable file is located.
The “Services” tab contains a list of programs, most of which start when the OS starts and work in the background. The tab allows you to stop or start the desired service or go to the process that is associated with it; it duplicates the capabilities of the Services snap-in in the Windows Control Panel. Using the “Services...” button located below the table, you can open the window of this snap-in directly from the task manager.
For the AVP service it is possible to switch to the Kaspersky Antivirus process
The “Performance” tab graphically displays data on both the current state of CPU load, the amount of RAM used, and the chronology of changes in these parameters. A user with administrator rights has access to the “Resource Monitor...” button, which opens a window with more detailed information about the consumption of system resources.
The tab provides data on the current level of use of the main hardware resources of the PC
The Network tab (if there are network connections) displays a graph of network activity. Using it, you can calculate the intensity of network adapter usage and its throughput. Below the graphs there is a table with the current parameters of network connections. The number of columns in this table can be adjusted using the “View” main menu item.
Below the network activity graphs there is a customizable table of current network connection parameters
The last tab “Users” provides information about all system users who have active sessions. If you have administrative rights, you can disconnect or log out the selected user. When you exit, the user's work is saved, and when you disconnect, it is lost.
On the Users tab, you can disconnect or log out a selected user
Processes
A process should be thought of as a container with a set of resources for executing a program. That is, we launch a program, part of the computer resources is allocated for it, and this program works with these resources.
Processes are needed by the operating system for multitasking, since programs work in their own processes and do not interfere with each other, while being processed by the processor in turn.
Windows processes consist of the following:
- Private virtual address space, that is, the part of memory allocated to the process, which is called virtual.
- Executable program. Its code is loaded into the process's virtual memory and executed there.
- List of open handles. A process can open or create objects, such as files or other processes. These objects are numbered, and their numbers are called handles (descriptors). Referring to an object by handle is faster than by name.
- Security context. This includes process user, group, privileges, session, and more.
- The process identifier, that is, its unique number.
- Program thread (at least one or more). In order for a process to do anything, a program thread must exist in it. If there is no thread, then something went wrong, perhaps the process could not end or start correctly.
Processes have many more properties that you can view in “Task Manager” or “Process Explorer”.
The process can be in different states:
- Running - usually all background processes will be in this state, and if the process has a window, it means that the application is ready to receive data from the user.
- Suspended - means that all threads of the process are in a suspended state. Windows Apps enter this state when the window is minimized to save resources.
- Not responding - means that the program thread has not checked its message queue for more than 5 seconds. The thread may be busy and CPU intensive, or it may be waiting for I/O operations. In this case, the application window freezes.
There are three types of processes in Windows:
- Applications. Processes of running applications. These apps have a window on your desktop that you can minimize, maximize, or close.
- Background processes. Such processes run in the background and do not have a window. Some application processes become background when you minimize them to tray.
- Windows processes. Processes of the operating system itself, for example “Print Manager” or “Explorer”.
Subtleties of working with TaskManager
To identify a particular Windows process (both user and system), you should use an Internet search. There are entire online databases devoted to this issue, for example, ProcessLibrary.
Information about the process "conhost.exe" on the ProcessLibrary website
Using the search, on ProcessLibrary you can get all the information about the process you are interested in: a detailed description, whether it is harmful to the system, how resource-intensive its execution is, and, most importantly, whether it can be disabled.
Video: Windows Task Manager: disabling unnecessary services and processes
https://youtube.com/watch?v=U0pa-vC_laM
When working with a home computer, it is recommended that immediately after installing the operating system, you familiarize yourself with the list of processes that it starts. In the future, if an infection is suspected, it will be possible to display a list of processes and immediately exclude from consideration those that were present from the very beginning.
Kaspersky Lab
https://support.kaspersky.ru/viruses/general/1344
The initial number of processes on a newly installed Windows 7 can be several dozen (on average, about thirty). This is the number of utilities that the system itself requires for successful operation. In the future, after the user installs additional software that registers itself in the system startup (Dropbox, Punto Switcher, uTorrent) or creates new services (Adobe Flash Player Update Service), the number of processes in the task manager can increase several times.
The number of processes after loading a newly installed Windows 7 is about thirty
Of course, too many simultaneously running processes can affect the performance of the PC and the comfort of working with it. Not all applications and services are constantly in demand by the user; sometimes they only consume resources that other programs lack. Then they should be terminated using the corresponding button on the “Processes” tab of the task manager.
If the process is a service or program that loads automatically with Windows, you can disable it using the “msconfig.exe” system utility. To do this:
- Open the Run window (Win+R).
- Type "msconfig.exe" and click OK.
- In the “Services” and “Startup” tabs, uncheck those programs and services that you do not need.
- Close the System Configuration window and restart your computer.
Uncheck those programs that should not load automatically when Windows starts
One application can run multiple processes. So the Google Chrome browser creates a new process for each tab opened by the user.
There may be more than ten running processes with the name “svchost.exe”. This is normal because each process loads one or more services from dynamic link libraries (DLLs). Very often, viruses try to disguise themselves with a name similar to svchost. How to distinguish a real utility from a fake one is described in detail on the Microsoft Community website.
The number of running svchost.exe processes can reach several dozen, depending on the number of running Windows services
If the list of processes contains programs that you did not install, but they are actively consuming system resources, you should suspect that your PC has become a victim of a virus attack. Check your computer with anti-virus programs, anti-virus scanners such as “CureIt” from Dr.Web or “Kaspersky Virus Removal Tool” from KasperskyLab.
Threads
It is not the processes themselves that are executed on the central processor, but program threads. Each thread is code loaded by the program. The program can run in one thread or create several. If a program runs in several threads, then it can be executed on different processor cores. You can look at threads using Process Explorer.
A thread contains:
- two stacks: for kernel mode and for user mode;
- thread-local storage (TLS, Thread-Local Storage);
- unique thread identifier (TID, Thread ID).
An application can create an additional thread, for example, when the application has a graphical interface that runs in one thread and waits for some data from the user, while a second thread processes other data.
Examining thread activity is important if you need to understand why a process has stopped responding and the process has a large number of threads running. There can be many threads in the following processes:
- svchost.exe is the main process for Windows services.
- dllhost.exe is responsible for processing applications that use dynamic link libraries. Also responsible for COM and .NET. It also manages IIS processes.
- lsass.exe is responsible for authorizing local users; simply put, without it, logging in to the system for local users will be impossible.
Hotkeys
Key controls are also available when calling the context menu in any of the manager tabs. So, being on the “Applications” tab and right-clicking on the desired task, you can complete the action by pressing the “Y” button to go to the task process, or by pressing the “D” key to create a memory dump file.
Table: basic keyboard shortcuts that speed up work with the task manager
Hotkey | Action |
F1 | Task Manager Help |
F5 | Update PC status data |
F10 | Entering the main menu of the task manager |
Alt+F4 (or Esc) | Shutdown |
Alt+F Alt+P Alt+B Alt+O Alt+S | Enter the desired main menu item |
Ctrl+Tab | go to next tab |
Ctrl+Shift+Tab | go to previous tab |
Applications Tab | |
Alt+Z | Cancel task |
Alt+E | Switch |
Alt+H | New task |
Processes Tab | |
Alt+F | Display/not display processes of all users |
Alt+Z | End the process |
Services Tab | |
Alt+L | Launching the Services snap-in |
Performance Tab | |
Alt+M | Launching Resource Monitor |
Users Tab | |
Alt+H | Disable user |
Alt+C | User logout |
Alt+O | send a message |
Process Explorer
Installation and preparation for work
More detailed information about processes and threads can be obtained using Process Explorer from Sysinternals. It needs to be downloaded and launched.
Some features of Process Explorer:
- information on process rights: who is the owner of the process, who has access to it;
- highlighting processes and threads in different colors for easy perception of information:
  - service processes – pink;
  - your own processes – blue;
  - new processes – green;
  - completed processes – red;
- number of descriptors for the process;
- detailed information about memory allocation.
Launch Process Explorer:
Next you need to configure the symbol server. If this is not done, when you double-click on a process and open the Threads tab, you will receive a message stating that symbols are not configured:
First, download the “Windows 10 SDK”.
You don’t need to install everything, just select “Debugging Tools for Windows” during installation:
To configure symbols, go to Options / Configure / Symbols. Enter the path to Dbghelp.dll, which by default is inside the installed “Windows 10 SDK”:
- C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Dbghelp.dll
And the path to the symbolic information server:
- srv*C:\Symbols*https://msdl.microsoft.com/download/symbols
Where:
- C:\Symbols - path to the local caching folder;
- https://msdl.microsoft.com/download/symbols - Microsoft server.
Some Process Explorer basics:
- Changing the highlight colors – Options / Configure Colors.
- Selecting columns with information about processes – View / Select Columns.
- Sorting by the Process column: the first click sorts in alphabetical order, the second in reverse order, and the third returns to the tree view.
- View only your processes – View / uncheck Show Processes from All Users.
- Setting how long newly launched and completed processes stay highlighted – Options / Difference Highlight Duration / enter the number of seconds.
- To explore a process in more detail, double-click on it and view the information in the various tabs.
- Open the lower panel to view open handles or libraries – View / Show Lower Panel.
Threads in Process Explorer
The threads of an individual process can be seen in Process Explorer. To do this, double-click on the process and in the window that opens, go to the “Threads” tab:
The columns show information for each thread:
- TID - thread identifier.
- CPU - processor load.
- Cycles Delta is the total number of CPU cycles this process has used since Process Explorer was last updated. The program update speed can be adjusted by specifying, for example, 5 minutes.
- Suspend Count — the number of thread suspensions.
- Service — name of the service.
- Start Address - the starting address of the procedure that starts executing a new thread. Output in the format: “module!function”.
When a thread is selected, the following information is shown below:
- Thread ID.
- The start time of the thread.
- Thread state.
- Execution time in kernel mode and user mode.
- CPU context switch counter.
- Number of processor cycles.
- Basic priority.
- Dynamic priority (current).
- I/O priority.
- Memory priority.
- Ideal processor (preferred processor).
There are also buttons:
- Stack - view the process stack;
- Module - view the properties of the running executable file;
- Permission - view the rights to the thread;
- Kill - terminate the thread;
- Suspend - pause the thread.
Alternative Windows task management utilities
The task of monitoring and managing processes has prompted a number of developers to create alternative solutions. Enthusiasts have developed utilities that implement both individual, in-demand functions of the dispatcher, and software that significantly expands its functional capabilities.
KillProcess
Since the majority of users use the task manager only to terminate harmful or frozen applications, there are utilities that implement only this action. One of the most successful process killers is the KillProcess utility from Orange Lamp. The application is capable of generating lists of processes that will be completed with one click. In addition, the utility can terminate even Microsoft-protected processes and keep track of the number of processes allowed and prohibited from running. The application can be downloaded both as an installer and a portable version that does not require installation.
The utility is capable of unloading several processes in one click
Daphne
Initially, Daphne was designed as a convenient tool for “killing” frozen processes, but with each subsequent version it acquired more and more new functions. The Daphne interface consists of a top panel with data on the intensity of PC resource usage and system operating time, as well as a window with a list of all current processes. Each line provides detailed information about the process, including a command line with startup options. All operations with processes are performed using the context menu. In addition to standard functions, it is possible to complete the process at a designated time, search for information about the process in the developer’s database, and also create a “trap” for the process. The “trap” monitors the behavior of the selected application and, when certain conditions occur, performs one of the proposed actions on the process.
The most “gluttonous” applications in the list are highlighted in color
Free Extended Task Manager
Free Extended Task Manager is an almost complete analogue of the standard Windows task manager. Its advantages over the built-in solution are monitoring of hard drive activity, information about the use of computer network ports, and the ability to find the process blocking it by file name.
The difference from the standard task manager is that it monitors the activity of not only the processor and RAM, but also disks
Process Explorer
Utility from Mark Russinovich and Sysinternals. Process Explorer is recommended by Microsoft as an alternative to Task Manager in Windows. The program does not require registration or installation. In the utility settings, it is possible to install Process Explorer as a replacement for the standard task manager.
The utility window displays a list of running processes, and to the right of it there is a table with brief information about them. In the lower panel of the program, you can configure the display of additional information about the process of interest. All standard manipulations with processes and tasks are available, viewing the intensity of use of the central processor, RAM, and disks.
Microsoft recommends this product as an alternative to the standard task manager
System Explorer
The System Explorer utility implements all the functionality of the standard Task Manager. Additionally, it includes several options unique to it. Developers maintain their own database of processes, so when the utility is launched for the first time, the user is prompted to check running tasks against records in the database. In addition to operations with processes, the program allows you to manage startup parameters and create system snapshots (files + registry) to track changes made by programs. It also provides tools such as calling system utilities, displaying information about drivers and currently open files.
The abundance of functionality of the System Explorer utility will pleasantly surprise even discerning users
AnVir Task Manager
It’s not for nothing that the developers of AnVir Task Manager compare their brainchild to a Swiss army knife. This utility has almost everything. The Russian version of Anvir Task Manager is completely free. The user will be provided with complete information about running applications, processes and libraries, data on open network connections, the ability to manage the startup list and track changes in it. The utility can even detect and remove viruses and spyware, and blocks attempts to infect the system.
The analysis is based on the characteristics and behavior of the program, as well as information from an integrated database containing records of 70,000 startup programs, Internet Explorer toolbars and system services.
AnVir
https://www.anvir.net/press-reliz.htm
Packed with all sorts of functions and modules, like a Swiss army knife
Anvir Task Manager will also help the user with setting up the operating system. In general, the AnVir utility is a jack of all trades; it can be safely recommended to users of any level as a very successful and functional replacement for the standard Windows task manager.
DBC Task Manager
For those “Seven” users who like the new task manager from Windows 8, but are not eager to change the time-tested system because of this, we can recommend using the DBC Task Manager utility. It completely reproduces the appearance and basic functionality of the task manager of an older version of Windows. The program does not require payment and is available in both 32- and 64-bit versions. The utility does not make any changes to system files and the registry, since it is distributed only as a portable version.
An almost complete copy of the Windows 8 task manager, designed for Windows 7 and Windows Vista
Fibers and User Mode Scheduling
Threads run on the CPU, and the kernel scheduler is responsible for switching them. Because such switching is a costly operation, Windows introduced two mechanisms to reduce the cost: fibers and user-mode scheduling (UMS, User Mode Scheduling).
First, a thread can turn itself into a fiber using a special function; this fiber can then create other fibers, forming a group of fibers. Fibers are not visible to the kernel and do not go through the scheduler. Instead, they agree among themselves on the order in which they use the processor. But fibers are poorly implemented in Windows; most libraries know nothing about the existence of fibers. Therefore, fibers can be processed as threads, and various failures will begin in the program if it uses such libraries.
UMS (User Mode Scheduling) threads, available only on 64-bit versions of Windows, provide all the key benefits of fibers with a minimum of the downsides. UMS threads have their own kernel state, so they are "visible" to the kernel, allowing multiple UMS threads to share and compete for the processor. It works like this:
- When two or more UMS threads need to perform work in user mode, they themselves can periodically cede control to another thread in user mode without contacting the scheduler. The kernel thinks that one thread continues to work.
- When the UMS thread still needs to access the kernel, it switches to a dedicated kernel mode thread.
Common problems when working with Task Manager
Since the task manager is one of the most effective OS tools for managing processes, it is one of the first victims of viruses that get onto a PC. Therefore, before you start restoring its operation, check the system for infection with anti-virus scanners. There are only a few main reasons why you cannot start the task manager:
- the taskmgr.exe file is missing in the System32 folder (or in the SysWOW64 folder for a 64-bit OS);
- task manager launch is blocked in the registry;
- launching the task manager is prohibited by local group security policy.
There is no taskmgr.exe file in the System32 folder
The file could have been deliberately deleted or renamed by a virus, or the user himself mistakenly deleted the utility in some way.
The taskmgr.exe file has been renamed or completely deleted from the System32 folder
Since the absence of the Task Manager executable file may not be the only result of the virus, in this situation it is recommended to check and restore the integrity of system files using the SFC (System File Checker) utility:
- Open the Run window (Win+R).
- Launch the command prompt by typing “cmd.exe” into the input field and clicking the “OK” button.
- In the command prompt window that opens, type “sfc /scannow” and press Enter.
- After completing the scan and system recovery, restart your computer.
Result of system check using SFC utility
TaskManager is disabled in the system registry
This kind of trouble is expressed in the fact that the system does not respond in any way to the user’s attempts to launch the task manager using any of the methods described at the beginning of this article. To resolve the issue, do the following:
- Open the Run window (Win+R).
- Launch the Windows Registry Editor by typing “regedit.exe” into the input field and clicking “OK”.
- Open the registry key “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System” in the editor.
- Find the "DisableTaskMgr" parameter and change its value from "1" to "0".
Change the value of the "DisableTaskMgr" setting from "1" to "0" to allow the task manager to start
The utility has been disabled by the administrator
Sometimes running the taskmgr.exe file can lead to a window appearing with a message stating that the manager has been disabled by the administrator.
You can unlock the task manager by editing the group security policy
To correct the situation, follow these steps:
- Open the Run window (Win+R).
- Launch the Windows Local Group Policy Editor by typing “gpedit.msc” into the input field and click OK.
- In the tree on the left, expand the following items: “User Configuration” –> “Administrative Templates” –> “System” –> “Ctrl+Alt+Del Options”.
- In the window on the right, double-click the “Remove Task Manager” item to open the parameter editing window and select the “Not Configured” or “Disabled” option in it.
- Click "Apply" and "OK" and close the editor window.
- To apply the changes without restarting the PC, right-click on an icon-free area of the desktop and click “Refresh” in the context menu that opens.
Set the value “Disabled” or “Not Configured” for the item “Remove Task Manager”
Another program opens instead of the task manager
This may be one of the alternative managers presented above, which can replace the standard Task Manager. Or it may be a virus whose author decided to play a trick on potential victims in this way. In fact, both third-party task managers and viruses change the same setting in the Windows registry. To restore the default Task Manager, follow these steps:
- Open the Run window (Win+R).
- Launch the Windows Registry Editor by typing “regedit.exe” in the input field and click OK.
- Open the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe” in the editor.
- Find the Debugger option and remove it.
The program specified in the “Debugger” parameter replaces the task manager when it is called by the user
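The two registry checks above (the DisableTaskMgr policy value and a Debugger value under Image File Execution Options) can be audited in one pass. This is an added example, not code from the original article: it parses the text output of `reg query`, and the sample output, the C:\Tools path and the function names are constructed for illustration.

```python
import re

# Registry keys named in the article.
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options")

# Constructed sample: concatenated output of
#   reg query "<POLICY_KEY>"   and   reg query "<IFEO_KEY>" /s
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger    REG_SZ    "C:\Tools\procexp64.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    UseFilter    REG_DWORD    0x0
"""

# A value line is indented and uses four spaces between name, type and data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)(?:\s{4}(?P<data>.*))?$")


def parse_reg_query(text):
    """Return {key_path: {value_name_lowercase: data}} from `reg query` text."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"].strip().lower()] = (m["data"] or "").strip()
    return keys


def is_nonzero(data):
    """True when a DWORD printed as 0x... (or a bare number) is not zero."""
    try:
        return int(data, 16) != 0
    except ValueError:
        return True  # unparseable data is reported rather than silently ignored


def audit_task_manager(text):
    """List registry settings that block or redirect Task Manager."""
    findings = []
    ifeo_prefix = IFEO_KEY.lower() + "\\"
    for path, values in parse_reg_query(text).items():
        low = path.lower()
        if low == POLICY_KEY.lower() and "disabletaskmgr" in values:
            data = values["disabletaskmgr"]
            if is_nonzero(data):
                findings.append(("policy", path, "DisableTaskMgr=" + data))
        elif low.startswith(ifeo_prefix) and "debugger" in values:
            # First path component after the IFEO key is the image name.
            image = path[len(ifeo_prefix):].split("\\")[0]
            kind = "taskmgr-redirect" if image.lower() == "taskmgr.exe" else "ifeo-debugger"
            findings.append((kind, image, values["debugger"]))
    return findings


if __name__ == "__main__":
    for finding in audit_task_manager(SAMPLE):
        print(finding)
```

A Debugger entry for taskmgr.exe is also what a deliberately installed replacement manager leaves behind, so the reported path is the thing to verify.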
What to do if the main menu and tabs are missing
Sometimes users panic when faced with a task manager that is missing a window title, main menu and tabs.
The absence of menus and tabs in the task manager is one of the most frequently asked questions from users
There is no need to worry in such a situation.
The “tiny footprint” mode allows you to turn any manager window into a kind of desktop gadget
This mode, which even has a special name, “tiny footprint”, was created deliberately. With its help, the task manager can be turned into a gadget that shows the CPU load. To do this, Task Manager must remain on top of other windows (an option in the “Options” menu item). By switching it to “tiny footprint” mode in the “Performance” tab, and resizing the window so that only the CPU load indicator remains, you can get a beautiful desktop gadget. All hotkeys work in this mode, with the exception of shortcut keys to the main menu.
In order to return the task manager to its normal appearance, you just need to double-click on the white empty area on either side.
The area is marked in color; by double-clicking on it, you can return the task manager to the standard view.
The utility does not show processes
If you are a local administrator of this PC, make sure that the “Display processes of all users” checkbox is checked. Then you will be able to view not only the tasks you started directly, but also system processes and threads.
The second reason why the task manager may not display processes is a conflict between the standard solution and third-party computer optimization and cleaning utilities installed on the PC (AVG PCTuneUp and similar software). The correct solution in this situation is to restart Windows in “clean boot” mode (with a minimum set of drivers and programs), as well as check the status of system files with the sfc.exe utility. You can read more about this on the Microsoft Community website.
What exactly is this program for?
If your computer slows down a lot, you can figure out the program that caused the problems and close it. You can also find the reasons why your computer was damaged by malicious viruses, restore its operation, and clean up the RAM. Situations often arise when the desktop simply disappears when loading Windows. In this case, you have the opportunity to launch the manager (Ctrl + Alt + Delete) and on the “New task” tab, type the regedit command to access the registry, where you can solve problems with the desktop (explorer.exe) loading incorrectly. Thus, using the task manager, you can quickly and accurately diagnose problems and restore your computer's operation.
Is it possible to hide a process in the task manager
This question often arises among system administrators who want to hide a process to prevent the user from forcing it to terminate. It also comes up for parents who want to control the time their child spends on the computer, if the precocious child has already learned to disable the parental control system on his own.
The correct answer to this question is that it is impossible, since the task manager contains data not only about applications, but even about minimized and hidden system processes and services. It is simply not possible to make the process invisible. However, you can use a trick that virus writers often resort to. You can try to trick the user by renaming your program's startup file so that its name matches the name of a system program that is always present in the list of running Windows processes. For example, you can give your spyware the name “svchost.exe” already mentioned in the article. For greater plausibility, you can even place the file with the renamed program in the System32 folder, where system utilities should be located. To avoid a name conflict with the real “svchost.exe”, when renaming, use their Cyrillic equivalents instead of the Latin letters “c” and “o”. For the system, these will be two different names, but a person will not notice such a substitution of letters.
The renamed DBC Task Manager only gives the path to the executable file, but this can also be fixed
However, if you are knowledgeable in programming, the question is no longer so straightforward. Of course, you cannot hide the process from the system, but the user sees only the information that is displayed in the task manager window. Therefore, if you manage to programmatically access the standard window element that displays the list of processes and adjust its lines, the user will not see everything that the system knows about.
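From the defender's side, the renaming trick described above leaves two things to check: non-Latin letters in a name that otherwise reads as a system binary, and a system name running from outside System32. The following is an added example, not code from the original article; the look-alike table and the list of system image names are small assumed subsets, and the paths are constructed sample input.

```python
import unicodedata
from pathlib import PureWindowsPath

# Cyrillic letters that render like Latin ones (small assumed subset).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
})
# System image names to protect and the directory they belong in (assumed list).
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIR = PureWindowsPath(r"C:\Windows\System32")

def skeleton(name):
    """Lower-case the name and fold known look-alike letters to Latin."""
    return unicodedata.normalize("NFKC", name).lower().translate(CONFUSABLES)

def check_process(image_path):
    """Return a finding string, or None if nothing looks wrong."""
    path = PureWindowsPath(image_path)
    name = path.name
    folded = skeleton(name)
    if folded not in SYSTEM_IMAGES:
        return None                      # does not read as a system binary
    if name.lower() != folded:           # reads like one, but is spelled differently
        odd = [f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}"
               for ch in name if ord(ch) > 127]
        return "homoglyph: " + ", ".join(odd)
    if path.parent != SYSTEM_DIR:        # PureWindowsPath compares case-insensitively
        return "wrong directory: " + str(path.parent)
    return None

# Constructed sample: image paths as a process listing would report them.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    "C:\\Windows\\System32\\sv\u0441h\u043est.exe",   # Cyrillic "c" and "o"
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\notepad.exe",
]

def findings(paths):
    """Map each suspicious path to its finding."""
    return {p: f for p in paths if (f := check_process(p)) is not None}

if __name__ == "__main__":
    for path, finding in findings(SAMPLE).items():
        print(ascii(path), "->", finding)
```

The image path is the reliable field here, which is why the “Image Path Name” column in Task Manager is worth enabling when a familiar name looks out of place.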
Process tree
In Windows, processes only know their parents, and do not know older ancestors.
For example, we have a process tree like this:
Process_1
|- Process_2
   |- Process_3
If we terminate the process tree “Process_1”, then all processes will terminate, because “Process_1” knows about “Process_2”, and “Process_2” knows about “Process_3”.
If we first terminate “Process_2” and then terminate the process tree “Process_1”, then only “Process_1” will terminate, since there is no connection left between “Process_1” and “Process_3”.
For example, start a command prompt and run title parrent to change the window title, then start cmd to launch a second command prompt window:
>title parrent
>start cmd
Change the title of the second window to child and run the Paint program from it:
>title child
>mspaint
In the child command line window, enter the exit command; the window will close and Paint will continue to work:
>exit
This will leave two applications on your desktop, the Command Prompt window parrent and Paint. In this case, parrent will be like the grandfather of Paint.
Launch “Task Manager”, on the “Processes” tab find “Windows Command Processor”, expand the list and find “parrent”. Then right-click on it and select “Details”:
You will switch to the “Details” tab with cmd.exe highlighted. Right-click on this process and select “End Process Tree”:
The parrent command line window will close, but Paint will remain running. So we have confirmed that there is no connection between the first process and its grandson if the grandson no longer has an immediate parent.
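The experiment above can be modelled on a process snapshot. This is an added example, not code from the original article: the PIDs, start times and the updater.exe entry are constructed, and it goes one step beyond the text by also handling a reused PID, since Windows keeps the old parent PID in a process after the parent has exited.

```python
from collections import namedtuple

# started = creation time in arbitrary ticks (constructed values).
Proc = namedtuple("Proc", "pid ppid name started")

SYSTEM = Proc(4, 0, "System", 0)
PARRENT = Proc(100, 4, "cmd.exe (parrent)", 10)
PAINT = Proc(300, 200, "mspaint.exe", 30)

# Before "exit": parrent -> child -> mspaint.
BEFORE = [SYSTEM, PARRENT, Proc(200, 100, "cmd.exe (child)", 20), PAINT]
# After "exit": the child is gone and PID 200 was later reused (hypothetical).
AFTER = [SYSTEM, PARRENT, PAINT, Proc(200, 100, "updater.exe", 50)]

def real_parent(child, by_pid):
    """Return the live parent, or None if it exited or its PID was reused."""
    parent = by_pid.get(child.ppid)
    if parent is None or parent.started > child.started:
        return None          # a "parent" younger than its child is a reused PID
    return parent

def process_tree(root_pid, snapshot):
    """PIDs reachable from root_pid by following live parent links only."""
    by_pid = {p.pid: p for p in snapshot}
    tree = set()
    frontier = [root_pid] if root_pid in by_pid else []
    while frontier:
        pid = frontier.pop()
        tree.add(pid)
        for p in snapshot:
            parent = real_parent(p, by_pid)
            if parent is not None and parent.pid == pid and p.pid not in tree:
                frontier.append(p.pid)
    return tree

def orphans(snapshot):
    """Names of processes whose recorded parent no longer exists."""
    by_pid = {p.pid: p for p in snapshot}
    return sorted(p.name for p in snapshot
                  if p.ppid and real_parent(p, by_pid) is None)

if __name__ == "__main__":
    print("tree before exit:", sorted(process_tree(100, BEFORE)))
    print("tree after exit: ", sorted(process_tree(100, AFTER)))
    print("orphans after exit:", orphans(AFTER))
```

Matching on the parent PID alone would attach mspaint.exe to the unrelated updater.exe, which is why the creation-time comparison is part of the parent check.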
Let's sum it up
In this article, we talked in detail about the Windows Task Manager. We found out what it is, why it is needed, how to open it and how to enable the task manager - Task Manager.
If you have any questions, feel free to ask them below in the comments to this article. I'll probably end here. Have fun working on your computer and remember, any problem can be solved, you just need to think a little, or contact a specialist for advice.
Sincerely, Dmitry Sergeev December 13, 2012
What is the difference between the procedures for restoring the process display on Windows 10 and Windows 7
It is worth noting that all of the methods discussed for resolving conflicts are suitable for almost every version of Windows. However, there are significant differences, and knowing them will help you deal with the problem quickly and easily when working with a specific Microsoft product.
For example, the once most popular seventh version of the platform has its own methods. First of all, it is worth pointing out that Task Manager on Windows 7 runs with normal rights, even for administrators. If you need to expand these rights, you can, of course, use the same taskmgr command, running it as an administrator.
However, you should not rush to do this, since the “seven” has a simplified option for expanding rights, presented as a special button on the “Processes” tab. If the user sees a checkbox instead of this button, this is a sure sign that User Account Control is disabled.
The main tools for launching Task Manager on Windows 10 are listed above, and even a brief acquaintance with them makes several differences obvious. One example is the button that grants full rights to manage applications with a single click, which is present in the seventh version and absent in the tenth. The solutions to the most common Task Manager problems also differ slightly, although the above algorithms will be more than enough to understand this issue.
And lastly: many users have repeatedly encountered the problem of tabs disappearing from the Task Manager menu after an accidental double-click. Meanwhile, this is not a glitch at all, but a specially provided tiny footprint option, which allows you to open windows with processor load on top of all previously launched tabs.
How to find out the list of running processes from Power Shell
Information from a file obtained in a similar way will be a little more informative. This option is available to owners of copies of Windows 7/10, and the cmdlet for displaying the list on the same Desktop will be like this:
for a local copy of Windows:
- Handles – the number of threads that the process has opened for itself.
- NPM(K) is the size of the nonpaged memory pool used by the process, in kilobytes.
- PM(K) – size of the paged memory pool used by the process, in kilobytes.
- WS(K) – size of the process’s working set, in kilobytes. It consists of memory pages accessed by the process in the current session.
- VM(M) – the amount of RAM occupied by the process, in megabytes (including the pagefile).
- CPU(s) – time in seconds spent by all processor cores.
- ID – PID of the specified process.
- ProcessName – Process name.
Reasons why the dispatcher may not show processes
However, as practice shows, in addition to problems with startup, other bugs may arise, including processes not being displayed in the Task Manager window that opens. Of course, this problem can also be corrected. It still does not hurt to establish the cause, especially if we are not talking about isolated failures.
In the vast majority of cases, the reason for the missing list of processes in Task Manager is that user access to the service has been disabled by a network or regular administrator. And since that administrator is most often the user himself, the system stops functioning fully because of some incorrect actions.
The situation is aggravated by the fact that in the case of network versions of the Windows operating system there is no question of any such rights.
It is noteworthy that these processes can be disrupted even if you have root rights.