Using Process Explorer Flashcards
Does Task Manager have any sense of hierarchy?
no - it does not show the parent process that started a process or the child processes started by a given process
Does Task Manager have any knowledge of threads?
- no - it can only point in the right direction to find a fault, but cannot explain what’s going on, as it does not see what threads are doing
- at best it knows the number of threads running in a process
What does it mean that Task Manager does not have any understanding of what resources are being used?
- doesn’t understand what DLLs/modules/files are loaded
- no understanding of what registry keys a process is using
What can Task Manager never provide when used for troubleshooting an issue or malware analysis?
the actual reason why bad things happened
How to run Process Explorer with elevated privileges to be able to see details for all processes?
File > Show Details for All Processes
How to check what privileges are used by a running process?
Properties > Security