Pressing "Ctrl+Alt+Del" opens the tool for viewing and managing system processes. The process list shows which programs the system is running and which system resources they use, and by managing processes users can make better use of those resources. Today we will go through the relevant knowledge together so that more system resources can be freed.
1. System processes
Most of these are processes the system needs in order to run properly. The following briefly introduces the processes listed on the author's computer (Figure 1). By default, WinXP starts many system services, so your list may differ slightly, because the author has shut down some unnecessary system services.
①svchost.exe: This is the generic host process name for services that run from dynamic-link libraries (DLLs). Each Svchost.exe instance contains a set of services. Everyday functions such as Internet access, disk management and running scheduled tasks are carried out through this process. It is a typical case of one process corresponding to multiple programs. On WinXP/2000 systems, several of these processes exist at the same time. Viruses and other malicious programs are also often loaded through this process, so that the process name and the actual program name differ.
②explorer.exe: Windows Explorer (the resource manager). The familiar desktop, taskbar and so on are managed by it.
③winlogon.exe: Manages user logon. It is loaded while the system starts, and its role is to ensure that users can log on to the system normally.
④System and System Idle Process: A default service that runs as a single thread on each processor and is allocated processor time when the system is not processing other threads (so that the CPU is never left without work). We often see it taking a very large share of the CPU; in fact, this indicates that the CPU is idle at that moment.
Others such as Alg.exe, Lsass.exe, Services.exe, Csrss.exe and Smss.exe are also system processes. We generally have little contact with them, so they are not described in detail here. These processes are necessary for the system to function properly, and if they are shut down, inexplicable failures may occur.
2. User services and self-started processes
①Processes started by Norton AntiVirus: Navapsvc.exe and Navapw32.exe.
②The input-method switch icon on the taskbar: ctfmon.exe. It is a text service loaded automatically by Office; if Office is not installed, Internat.exe is shown here instead.
③Processes present after starting QQ: QQ.exe and Timplatform (the QQ TM function). This is the case mentioned earlier of one application starting multiple processes.
④taskmgr.exe: the running Task Manager.
Others include Winamp (Winamp.exe), Outlook Express (Msimn.exe), Word (Winword.exe), the IE browser (iexplore.exe), Notepad (Notepad.exe), Excel (Excel.exe) and so on (process names in parentheses). Their process names match the programs themselves, so they are easy to identify.
Managing processes
Although Task Manager can list all the processes in the system, it cannot show the path where a process is located, the modules it calls, the relationships between processes (such as child and parent processes), the services it contains, and so on. Here are two ways to get this information.
1. Use the system's built-in commands
In WinXP, Tasklist and Taskkill are the two commands dedicated to viewing and terminating processes.
①The tasklist command displays a list of the applications and services running on a local or remote computer, together with their process IDs.
Syntax:
tasklist[.exe] [/s Computer] [/u Domain\User [/p Password]] [/fo {TABLE | LIST | CSV}] [/nh] [/fi FilterName [/fi FilterName2 [ ... ]]] [/m [ModuleName] | /svc | /v]
For a description of each parameter, refer to Windows Help (press the "F1" key on the system desktop and search for this command). For example, to view the modules called by the QQ.exe process, enter at the command line:
tasklist /m
After you press Enter, you can see the DLL files being called by all current programs, including QQ.exe (for example, the many modules listed after the program in Figure 2).
②The taskkill command ends one or more tasks or processes. A process can be ended by its process ID or by its image name.
Syntax:
taskkill [/s Computer] [/u Domain\User [/p Password]] [/fi FilterName] [/pid ProcessID | /im ImageName] [/f] [/t]
To force QQ.exe to terminate, enter the command: taskkill /im qq.exe /f. The QQ process ends after you press Enter.
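The /svc switch in the tasklist syntax above lists the services hosted in each process, which is the quickest built-in way to see what each Svchost.exe instance is running. The following is an added example, not part of the original article: it parses `tasklist /svc /fo csv` output and reports svchost-hosted services that are missing from a baseline. The sample output, the baseline set and the name ExampleUnknownSvc are constructed, and English column headers are assumed.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
SAMPLE_TASKLIST_SVC = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"winlogon.exe","508","N/A"
"services.exe","554","Eventlog,PlugPlay"
"svchost.exe","728","DcomLaunch,TermService"
"svchost.exe","812","RpcSs"
"svchost.exe","1340","StiSvc,ExampleUnknownSvc"
"explorer.exe","1612","N/A"
'''

# Hypothetical baseline: services the administrator recorded on a known-good system.
BASELINE_SERVICES = {"DcomLaunch", "TermService", "RpcSs", "StiSvc"}


def svchost_services(tasklist_csv):
    """Map each svchost.exe PID to the list of services it hosts."""
    hosted = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].strip().lower() != "svchost.exe":
            continue
        services = [s.strip() for s in row["Services"].split(",")]
        # Processes that host no services are reported as "N/A".
        hosted[int(row["PID"])] = [s for s in services if s and s.upper() != "N/A"]
    return hosted


def unexpected_services(hosted, baseline):
    """Return (pid, service) pairs whose service name is absent from the baseline."""
    known = {name.lower() for name in baseline}
    return [(pid, svc) for pid, services in sorted(hosted.items())
            for svc in services if svc.lower() not in known]


if __name__ == "__main__":
    hosted = svchost_services(SAMPLE_TASKLIST_SVC)
    for pid, services in sorted(hosted.items()):
        print(pid, ", ".join(services) or "(no services)")
    for pid, svc in unexpected_services(hosted, BASELINE_SERVICES):
        # Follow up on this PID in Process Explorer: path, Services tab, modules.
        print("not in baseline: PID", pid, "hosts", svc)
```

On a live system, feed the function the text produced by running `tasklist /svc /fo csv` instead of the constructed sample.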
2. Use specialized process software
Process Explorer (hereinafter referred to as PE) has been translated into Chinese by domestic enthusiasts, and the introduction below is based on the Chinese version. Although the system commands can list the details of a process, they do not show the specific path of each service a process contains or the DLL files it calls, which is what you need in order to manage the process. PE lets the user understand the programs executing in the background, showing which modules are currently loaded, which programs are using them, the DLLs these programs call, and the handles they have opened.
The following is an example of using PE to view the Svchost.exe process. As mentioned above, each Svchost.exe contains a set of services, and malicious programs are very fond of it, often registering themselves as a system service and using it to start. The Svchost.exe process serves only as a service host, which means that it only provides the conditions for other services to be started in it and does not itself represent any program. These system services are implemented as dynamic-link libraries (DLLs): the service's executable is pointed at Svchost, which loads the service's dynamic-link library to start the service. You cannot analyze this process if you rely solely on the system's own two commands.
When you run PE, select Svchost.exe, right-click and choose Properties, and you can see details about the process in the pop-up window (Figure 3: viewing a process is convenient with a tool).
①View the path. Click Image to see that the Svchost.exe path is under C:\windows\system32. The service it registers is imgsvc, and the parent process ID is 554 (Services.exe) (Figure 4: understanding where the process comes from).
②View the registered service. Click Services to see a detailed description of the registered service (IMGSVC) (Figure 5: now we know what these processes are doing).
③View the called modules. Click Program threads to see each thread of the registered service and the modules it calls (Figure 6: judging from the relationship between modules and the process whether it is normal).
Through PE we can learn the details of a process in this way. If you find anything abnormal about a process, you can use the path shown and the called-module information to terminate it.
After reading the introduction above, we can manage the processes on the computer. In short, processes are an important component of the system, and being able to identify and manage them makes using the computer much more convenient.
(Responsible editor: admin)