Windows XP: Managing System Processes to Optimize System Resources

  

Know the common processes

Press "Ctrl+Alt+Del" to open Task Manager, then click the "Processes" tab to see all the processes currently running on the system (see Figure 1; do you recognize them all?). These processes fall roughly into two categories:

1. System Processes

These are mostly the processes required to keep your system up and running. Here is a brief introduction to the processes listed on the author's computer (Figure 1). By default, WinXP starts many system services. Because the author has disabled some unnecessary ones, the list may differ slightly from yours.

(1) Svchost.exe: the generic host process name for services that run from dynamic link libraries (DLLs). Each Svchost.exe contains a set of services. Everyday functions such as going online, disk management and scheduled tasks are carried out by this process. It is a typical case of one process corresponding to multiple programs, and on WinXP/2000 systems several instances run at the same time. Trojans, viruses and the like are also often loaded through this process, so the process name shown differs from the name of the program actually running.

(2) Explorer.exe: Windows Explorer, which manages the desktop, the taskbar and so on.

(3) WinLogon.exe: manages user logon and is loaded when you log in to the system. Its role is to ensure that users can log in normally.

(4) System and System Idle Process: default system processes. The System Idle Process runs as a single thread on each processor and accounts for processor time when the system is not processing other threads (so the CPU is never left with nothing to run). Users often notice that its CPU usage is very high; in fact, this indicates that the CPU is idle at that moment.

Others such as Alg.exe, Lsass.exe, Services.exe, Csrss.exe and Smss.exe are also system processes. Users rarely deal with them directly, so they are not described in detail here. These are the processes the system needs in order to function properly. If they are terminated, the system may suffer unexplained failures.

2. User Services or Auto-Start Processes

(1) Norton AntiVirus startup processes: Navapsvc.exe and Navapw32.exe.

(2) The input-method switching icon on the taskbar: Ctfmon.exe, the text service loaded automatically by Office. If Office is not installed, Internat.exe appears here instead.

(3) Processes started after launching QQ: QQ.exe and Timplatform (QQ's TM function). This is an example of one application starting multiple processes.

(4) Taskmgr.exe: the running Task Manager itself.

For other programs such as Winamp (Winamp.exe), Outlook Express (msimn.exe), Word (Winword.exe), Internet Explorer (iexplore.exe), Notepad (Notepad.exe) and Excel (Excel.exe) (process names in parentheses), the process name matches the program itself, so they are easy to identify.

Managing Processes

Although Task Manager can list all processes in the system, it cannot show details such as the path of a process's executable, the modules it calls, the relationships between processes (parent and child processes), or the services it hosts. Two methods for getting this information are described below.

1. Using the system's own commands

In WinXP, Tasklist and Taskkill are two commands dedicated to viewing and terminating processes.

(1) The Tasklist command displays a list of the applications and services, with their process IDs, for all tasks running on a local or remote computer.

Syntax:

tasklist[.exe] [/s computer] [/u domain\user [/p password]] [/fo {TABLE|LIST|CSV}] [/nh] [/fi FilterName [/fi FilterName2 [ ... ]]] [/m [ModuleName] | /svc | /v]

For a description of each parameter, refer to Windows Help (press "F1" on the desktop and search for this command). For example, to view the modules called by the QQ.exe process, type at the command line:

tasklist /m

After you press Enter, you can see the DLL files called by every program, QQ.exe included (see Figure 2; each program has many modules listed after it).

(2) The Taskkill command ends one or more tasks or processes. A process can be terminated by process ID or by image name.

Syntax:

taskkill [/s Computer] [/u Domain\User [/p Password]] [/fi FilterName] [/pid ProcessID] [/im ImageName] [/f] [/t]

To force QQ.exe to terminate, enter the command: taskkill /im qq.exe /f. After you press Enter, the QQ process is ended.
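The /svc switch in the Tasklist syntax above lists the services hosted in each process, which is as far as the built-in commands go toward inspecting Svchost.exe. The following Python sketch is an added example, not part of the original article: it parses constructed `tasklist /svc /fo csv` output and flags Svchost.exe instances that host no services or host a service missing from a baseline. The sample rows, the baseline set and the function names are assumptions, and English-language output ("N/A") is assumed.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","554","Eventlog,PlugPlay"
"svchost.exe","812","DcomLaunch,TermService"
"svchost.exe","1040","imgsvc"
"svchost.exe","1188","Schedule,unknownsvc"
"svchost.exe","1400","N/A"
"QQ.exe","2044","N/A"
'''

# Assumed baseline of expected service names; build yours from a known-clean system.
BASELINE = {"DcomLaunch", "TermService", "imgsvc", "Schedule"}


def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) from tasklist /svc CSV output."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != 3 or not rec[1].isdigit():
            continue  # header row (absent with /nh, localized elsewhere) or blank line
        raw = rec[2].strip()
        services = [] if raw in ("", "N/A") else [s.strip() for s in raw.split(",")]
        rows.append((rec[0], int(rec[1]), services))
    return rows


def review_svchost(rows, baseline):
    """Return {pid: [findings]} for Svchost.exe instances that need a closer look."""
    known = {name.lower() for name in baseline}  # service names are case-insensitive
    findings = {}
    for image, pid, services in rows:
        if image.lower() != "svchost.exe":
            continue
        notes = []
        if not services:
            # Each Svchost.exe is expected to contain a set of services.
            notes.append("hosts no services")
        notes += ["unexpected service: " + s for s in services if s.lower() not in known]
        if notes:
            findings[pid] = notes
    return findings


if __name__ == "__main__":
    for pid, notes in review_svchost(parse_tasklist_svc(SAMPLE), BASELINE).items():
        print(pid, "; ".join(notes))
```

A flagged PID is a starting point for the path and module checks described in the next section, not proof of infection.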

2. Using dedicated process software

Process Explorer (hereinafter PE) has been localized into Chinese by enthusiasts, and the Chinese version is the one used below. Although the system commands can list more detailed information about processes, they do not reveal the specific path of each service a process contains or the DLL files it calls, which makes the process hard to manage. PE lets the user see the programs that are running in the background. It shows which modules are currently loaded, which programs are using them, the DLLs those programs call, and the handles they have open.

The following example uses PE to examine the Svchost.exe process. As mentioned above, each Svchost.exe contains a set of services, and Trojans favor it: they often register themselves as a system service and use Svchost to launch. The Svchost.exe process acts only as a service host; it merely provides the environment in which other services start and does not itself represent any program. These system services are implemented as dynamic link libraries (DLLs) whose service entries point their executable at Svchost, which then loads the DLL to start the service; a Trojan registered this way has Svchost load the Trojan's DLL. With only the two built-in commands, you cannot analyze the process at this level.

After running PE, select Svchost.exe, right-click it and choose "Properties". The pop-up window shows detailed information about the process (see Figure 3; viewing processes with a tool is convenient).

(1) View the path. Click "Image"; you can see that the Svchost.exe path is under C:\windows\system32. The service it registers is imgsvc, and the parent process ID is 554 (Services.exe) (see Figure 4, which shows where the process comes from).

(2) View the registered services. Click "Services" to see a detailed description of the registered service (imgsvc) (see Figure 5, which shows what the process contains).

(3) View the modules called. Click "Threads" to see each thread of the registered service and the module it calls (see Figure 6; from the relationship between module and process you can judge whether it is normal).

In this way, PE reveals the details of a process. If a process looks abnormal, you can terminate it and follow up using the path and module information PE displays.

With the introduction above, you can manage the processes on your computer. In short, processes are an important part of the system, and managing them well makes the computer far more convenient to use.
