Content:: Task Manager
The Taskmanager, How to Open
The Task Manager can be opened multiple ways. The most common action is by right clicking on the Taskbar (to the right of the Start Button). A context menu will appear with an option named "Task Manager".
There is also a keyboard shortcut combination you can use CTRL + SHIFT + ESC.
Pressing CTRL + ALT + DEL will take you to an alternative menu with the a button in the center column bottom row to activate the program.
The executable name for the Task Manager is taskmgr.exe which is located in C:WINDOWSsystem32. A backup is stored in C:WINDOWSsystem32dllcache. The path C:WINDOWSsystem32 is stored in PATH environmental variable allowing us to type taskmgr or taskmgr.exe from any location in the system including the Run Command.
The Task Manager can be opened multiple ways. The most common action is by right clicking on the Taskbar (to the right of the Start Button). A context menu will appear with an option named "Task Manager".
There is also a keyboard shortcut combination you can use CTRL + SHIFT + ESC.
Pressing CTRL + ALT + DEL will take you to an alternative menu with the a button in the center column bottom row to activate the program.
The executable name for the Task Manager is taskmgr.exe which is located in C:WINDOWSsystem32. A backup is stored in C:WINDOWSsystem32dllcache. The path C:WINDOWSsystem32 is stored in PATH environmental variable allowing us to type taskmgr or taskmgr.exe from any location in the system including the Run Command.
Disabled Task Manager, How to re-enable
It is common practice for malicious softare (Viruses, Trojans, Spyware, etc) to disable the Task Manager. Another common practice is to disable this from users by your friendly System Administrator.
The feature to disable access to the Task Manager is stored in the windows registry.
A windows registry key is used to disable access to the task manager. The key can be found here
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
A "REG_DWORD" labeled DisableTaskMgr controls the setting a hex value of 0x01 or decimal value of 1 will disable the Task Manager where a hex value of 0x00 or decimal value of 0 will enable the Task Manager.
Reference
http://technet.microsoft.com/en-us/library/cc757091%28WS.10%29.aspx
http://ask-leo.com/why_is_my_task_manager_disabled_and_how_do_i_fix_it.html
It is common practice for malicious softare (Viruses, Trojans, Spyware, etc) to disable the Task Manager. Another common practice is to disable this from users by your friendly System Administrator.
The feature to disable access to the Task Manager is stored in the windows registry.
A windows registry key is used to disable access to the task manager. The key can be found here
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
A "REG_DWORD" labeled DisableTaskMgr controls the setting a hex value of 0x01 or decimal value of 1 will disable the Task Manager where a hex value of 0x00 or decimal value of 0 will enable the Task Manager.
Reference
http://technet.microsoft.com/en-us/library/cc757091%28WS.10%29.aspx
http://ask-leo.com/why_is_my_task_manager_disabled_and_how_do_i_fix_it.html
How the Task Manager Works
The default tab Applications shows a list of applications or tasks available. Remember this is not a complete list of applications. It is only a list of applications that are made for windows that are top level window applications. These are the applications that will appear in the Task Switcher or Flip as it is called in Windows Vista. The shortcut keys to access the Task Switcher are ALT + TAB.
The Processes tab can be useful as it shows every executable program that is running inside of your Windows Operating System. The base operating system processes are highlighted in green. With a basic operating system installation you should see roughly 16 processes, CPU Usage of roughly 0% and the memory usage (Commit Charge) running roughly 80 MegaBytes the slash (/) is over the total physical RAM and Virtual Memory (this is usually twice the amount of of the physical RAM). After installing your system drivers the processes should stay at roughly 16 unless the drivers run additional, usually un-needed, programs. The largest increase you will see is your memory usage rising to roughly 120 MegaBytes this can vary drastically depending on the drivers.
A clean functioning system will run roughly
Processes: 16
CPU Usage: 0%
Commit Charge: 120M
One important note about the screenshot is the "System" process running at a heavy 77 MegaBytes. This is due to the AVG anti-virus software, a normal "System" will in the low hundreds of KiloBytes thats nearly one hundred times less than what the screenshot shows.
The Processes
The base or default processes that come or are required for the Windows XP Operating system to run are :
* The MD5 and dates may vary depending on your system. This was taken from Windows XP Home SP3
How the Task Manager Works
By knowing what processes exist based on a basic operating system we can now use the processing tab of the task manager as a useful tool to fix many problems our system may have.
One important thing to understand is the Task Manager only shows what is currently running and does not have any control over the system start up processes. Only the operating system and its configurations can tell your computer what programs to start up when your computer does. Anything running on your system including "Viruses" or "Malware" must be started by the operating system either through the configurations or an exploit.
This means you can terminate any if not all of the processes, not listed above, then restart your computer to return the system to the "state" it was in before terminated a task in the Task Manager.
Killing random processes in your task manager may cause your system to fail, crash, or an error message to prompt you stating an error with the operating system has occured and a reboot is required.
The default tab Applications shows a list of applications or tasks available. Remember this is not a complete list of applications. It is only a list of applications that are made for windows that are top level window applications. These are the applications that will appear in the Task Switcher or Flip as it is called in Windows Vista. The shortcut keys to access the Task Switcher are ALT + TAB.
The Processes tab can be useful as it shows every executable program that is running inside of your Windows Operating System. The base operating system processes are highlighted in green. With a basic operating system installation you should see roughly 16 processes, CPU Usage of roughly 0% and the memory usage (Commit Charge) running roughly 80 MegaBytes the slash (/) is over the total physical RAM and Virtual Memory (this is usually twice the amount of of the physical RAM). After installing your system drivers the processes should stay at roughly 16 unless the drivers run additional, usually un-needed, programs. The largest increase you will see is your memory usage rising to roughly 120 MegaBytes this can vary drastically depending on the drivers.
A clean functioning system will run roughly
Processes: 16
CPU Usage: 0%
Commit Charge: 120M
One important note about the screenshot is the "System" process running at a heavy 77 MegaBytes. This is due to the AVG anti-virus software, a normal "System" will in the low hundreds of KiloBytes thats nearly one hundred times less than what the screenshot shows.
The Processes
The base or default processes that come or are required for the Windows XP Operating system to run are :
| Process | Folder | MD5 | Last Changed |
| csrss.exe | C:windowssystem32 | 44f275c64738ea2056e3d9580c23b60f | 04/14/2008 08:00 PM |
| explorer.exe | C:windows | 12896823fb95bfb3dc9b46bcaedc9923 | 04/14/2008 08:00 PM |
| lsass.exe | C:windowssystem32 | bf2466b3e18e970d8a976fb95fc1ca85 | 04/14/2008 08:00 PM |
| services.exe | C:windowssystem32 | 65df52f5b8b6e9bbd183505225c37315 | 02/06/2009 04:11 AM |
| smss.exe | C:windowssystem32 | 5f816c1f539266d2d4c78694239da0b5 | 04/14/2008 08:00 PM |
| spoolsv.exe | C:windowssystem32 | d8e14a61acc1d4a6cd0d38aebac7fa3b | 04/14/2008 08:00 PM |
| svchost.exe | C:windowssystem32 | 27c6d03bcdb8cfeb96b716f3d8be3e18 | 04/14/2008 08:00 PM |
| System | |||
| System Idle Process | |||
| taskmgr.exe | C:windowssystem32 | 2cd1c3506a85b38e2d17e61aded175c4 | 04/14/2008 08:00 PM |
| winlogon.exe | C:windowssystem32 | ed0ef0a136dec83df69f04118870003e | 04/14/2008 08:00 PM |
| wmiprvse.exe | C:windowssystem32wbem | 798a9e6828997eef4517ada8a2259831 | 02/06/2009 03:10 AM |
* The MD5 and dates may vary depending on your system. This was taken from Windows XP Home SP3
How the Task Manager Works
By knowing what processes exist based on a basic operating system we can now use the processing tab of the task manager as a useful tool to fix many problems our system may have.
One important thing to understand is the Task Manager only shows what is currently running and does not have any control over the system start up processes. Only the operating system and its configurations can tell your computer what programs to start up when your computer does. Anything running on your system including "Viruses" or "Malware" must be started by the operating system either through the configurations or an exploit.
This means you can terminate any if not all of the processes, not listed above, then restart your computer to return the system to the "state" it was in before terminated a task in the Task Manager.
Killing random processes in your task manager may cause your system to fail, crash, or an error message to prompt you stating an error with the operating system has occured and a reboot is required.
Cleaning Memory Resident Programs with the Task Manager
With the little what we have learned we can now terminate processes that are running on the system. The easiest test we can do is killing the taskmgr.exe, this will make the Task Manager disappear. You can do this by right clicking on taskmgr.exe and selecting End Process from the context menu.
With the little what we have learned we can now terminate processes that are running on the system. The easiest test we can do is killing the taskmgr.exe, this will make the Task Manager disappear. You can do this by right clicking on taskmgr.exe and selecting End Process from the context menu.
