(1) [System Idle Process]
Process file: [system process] or [system process]
Process name: Windows Memory Processing System Process
Description: Windows page memory management process, with a priority of 0.
Introduction: This process runs on each processor as a single thread and takes up the processor's time whenever the system is not processing other threads. The higher the CPU usage shown for this process, the more CPU resources are available for allocation; a low number means CPU resources are insufficient.
(2)[alg.exe]
Process file: alg or alg.exe
Process name: Application Layer Gateway Service
Description: This is an Application Layer Gateway Service used for network sharing.
Introduction: A gateway communication plug-in manager that provides support for third-party protocol plug-ins for the "Internet Connection Sharing" service and the "Internet Connection Firewall" service.
(3)[csrss.exe]
Process file: csrss or csrss.exe
Process name: Client/Server Runtime Server Subsystem
Description: Client Service subsystem used to control Windows Graphics subsystems.
Introduction: This is part of the user-mode Win32 subsystem. Csrss stands for Client/Server Runtime Subsystem and is a basic subsystem that must always run. Csrss is used to maintain the Windows console, create or delete threads, and support parts of the 16-bit virtual MS-DOS environment.
(4)[ddhelp.exe]
Process file: ddhelp or ddhelp.exe
Process name: DirectDraw Helper
Description: DirectDraw Helper is an integral part of DirectX for graphics services.
Introduction: DirectX helper program.
(5)[dllhost.exe]
Process file: dllhost or dllhost.exe
Process name: DCOM DLL Host Process
Description: The DCOM DLL Host process supports DLLs based on COM objects in running Windows programs.
Introduction: COM proxy. The more DLL components are attached to the system, the more CPU and memory resources dllhost occupies. In August, the "Shock Wave killer" probably made everyone familiar with it.
(6)[explorer.exe]
Process file: explorer or explorer.exe
Process name: Program Management
Description: Windows Program Manager or Windows Explorer is used to control Windows Graphics Shell, including Start Menu, taskbar, desktop and file management.
Introduction: This is the user's shell, which we see as the taskbar, the desktop, and so on; it is also the resource manager (Windows Explorer). If you doubt it, try running it yourself. It is important to the Windows system, and the Code Red worm also causes trouble for it, creating explorer.exe under C: and D:.
(7)[inetinfo.exe]
Process file: inetinfo or inetinfo.exe
Process name: IIS Admin Service Helper
Description: InetInfo is part of Microsoft Internet Information Services (IIS) and is used for debugging.
Introduction: The IIS service process. The Code Blue worm targets a buffer overflow vulnerability in inetinfo.exe.
(8)[internat.exe]
Process file: internat or internat.exe
Process name: Input Locales
Description: This input control icon is used to change regional settings, keyboard types, and date formats. Internat.exe runs at startup and loads the input locales specified by the user, reading them from the registry location HKEY_USERS\.DEFAULT\Keyboard Layout\Preload. Internat.exe places the "EN" icon in the system tray, allowing users to switch easily between input locales. When the process is stopped, the icon disappears, but the input locale can still be changed through the Control Panel.
Introduction: It is mainly used to control input methods. When your taskbar has no "EN" icon but an internat.exe process is present, you can end the process and then run the internat command from Run.
(9)[kernel32.dll]
Process file: kernel32 or kernel32.dll
Process name: Windows Shell Process
Description: A Windows shell process is used to manage multiple threads, memory, and resources.
Introduction: more illegal operations and Kernel32 explanation
(10)[lsass.exe]
Process file: lsass or lsass.exe
Process name: Local Security Authority Service
Description: The Local Security Authority Service controls the Windows security mechanism. It manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers.
Introduction: This is the local security authority service. It generates a process for users authenticated through the Winlogon service. This is done using an authentication package, such as the default msgina.dll. If authentication succeeds, lsass generates the user's access token. The token is used to start the initial shell, and other processes the user starts inherit this token. The remote stack overflow vulnerability in Windows Active Directory exists because the LDAP 3 search request function lacks a correct buffer boundary check on user-submitted requests: when a request containing more than 1000 "AND" operators is built and sent to the server, it causes a stack overflow, the lsass.exe service crashes, and the system restarts within 30 seconds.
(11)[mdm.exe]
Process file: mdm or mdm.exe
Process name: Machine Debug Manager
Description: The Machine Debug Manager is used to debug applications and the Microsoft Script Editor in Microsoft Office.
Introduction: mdm.exe generates some temporary files while debugging. These files are not automatically cleared when the operating system shuts down, so these strange files whose names start with fff and carry the suffix CHK are useless junk files. Can I use them to change their charm, low nest, and add them? In the X-system, as long as mdm.exe exists in the system, strange files starting with fff may be generated. You can follow the steps below to stop the system from running mdm.exe and completely delete the strange files: rename mdm.exe (under the C:\Windows\System directory) to Mdm.bak. Run the msconfig program and deselect "Machine Debug Manager" on the startup page so that mdm.exe is no longer started automatically, then click "OK" to close msconfig and restart the computer. In addition, if you use a browser of IE 5.X or later, it is recommended to disable script calling (click "Tools > Internet Options > Advanced > disable script calling") to avoid strange files starting with fff being generated again.
(12)[mmtask.tsk]
Process file: mmtask or mmtask.tsk
Process name: multimedia support process
Description: This Windows multimedia background program controls multimedia services, such as MIDI.
Introduction: this is a task scheduling service, which allows you to determine the running of a task at a specific time in advance.
(13)[mprexe.exe]
Process file: mprexe or mprexe.exe
Process name: Windows Routing Process
Description: The Windows routing process sends network requests to the appropriate part of the network.
Introduction: This is a 32-bit Windows network interface service process file and the core of network client component startup. The running A-311 trojan (trojan.a-311.20.zookeeper) will also create an mprexe.exe process in memory; the process can be ended through resource management.
(14)[msgsrv32.exe]
Process file: msgsrv32 or msgsrv32.exe
Process name: Windows Messenger Service
Description: Windows Messenger service calls Windows drivers and program management at startup.
Introduction: msgsrv32.exe is a management information window application. If the audio card is not configured with the graphics card driver in Win9x, the system crashes and reports an msgsrv32.exe error.
(15)[mstask.exe]
Process file: mstask or mstask.exe
Process name: Windows scheduled task
Description: A Windows scheduled task is used to set the time or date at which the inheritance was backed up or run.
Introduction: Scheduled tasks are started automatically through the registry, so the file name of the self-starting program cannot be seen in System Information. Once it is deleted from or disabled in the registry, none of the programs started by scheduled tasks can run automatically. In Win9x, the scheduled task service is enabled after the system starts. You can double-click the scheduled task icon > Advanced > Terminate the scheduled task to stop it. In addition, attackers often use scheduled tasks during attacks, including for uploading files, elevating privileges, planting backdoors, and covering their tracks.
(16)[regsvc.exe]
Process file: regsvc or regsvc.exe
Process name: Remote Registry Service
Description: Remote Registry is used to access the registry on a remote computer.
(17)[rpcss.exe]
Process file: rpcss or rpcss.exe
Process name: RPC Portmapper
Description: The RPC port mapping process in Windows handles RPC calls (remote procedure calls) and maps them to the specified service provider.
Introduction: On Windows 98 it is not started when the interpreter is loaded or at boot. If this causes a problem in use, you can add a "string value" directly in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices and point it to "C:\WINDOWS\SYSTEM\RPCSS".
(18)[services.exe]
Process file: services or services.exe
Process name: Windows Service Controller
Description: Manages Windows Services.
Introduction: Most of the system's core processes run as system processes. Open Services in Administrative Tools and you can see that many services are invoked through %systemroot%\system32\services.exe.
(19)[smss.exe]
Process file: smss or smss.exe
Process name: Session Manager Subsystem
Description: This process is the session management subsystem, used to initialize system variables and MS-DOS device names such as LPT1 and COM. It calls the Win32 shell subsystem and runs during the Windows logon process.
Introduction: This is the session management subsystem, which starts user sessions. Threads) and set system variables. After it starts these processes, it waits until Winlogon or Csrss ends. If these processes end normally, the system shuts down. If something unexpected occurs, smss.exe makes the system stop responding (that is, hang).
(20)[snmp.exe]
Process file: snmp or snmp.exe
Process name: Microsoft SNMP Agent
Description: The Simple Network Management Protocol (SNMP) agent in Windows is used to listen for requests and send them to the appropriate part of the network.