process获取父进程_Windows Process Explorer获取有关进程的详细信息

process获取父进程

Windows provides different tools to list and get information about processes. The task manager can be used to list and manage the process. But task manager has limited capabilities. So if we are a pentester or system administrator who lives in deep water we can use process explorer for more functionality.

Windows提供了不同的工具来列出和获取有关进程的信息。任务管理器可用于列出和管理过程。但是任务管理器功能有限。因此，如果我们是生活在深水中的五分之一或系统管理员，则可以使用流程资源管理器以获得更多功能。

下载Windows Process Explorer (Download Windows Process Explorer)

Process explorer is provided as Sysinternal utilities and downloaded from following link as zipped file.

Process Explorer作为Sysinternal实用程序提供，并从以下链接下载为压缩文件。

https://download.sysinternals.com/files/ProcessExplorer.zip

In order to run process explorer we just need to select the architecture and click executable. There is no need to install.

为了运行Process Explorer，我们只需要选择架构并单击可执行文件即可。无需安装。

流程浏览器帮助 (Process Explorer Help)

As we can see in the previous screenshot process explorer comes with a help file in chm format. We can get detailed help about the process explorer from this help document.

正如我们在上一个屏幕截图中所看到的，资源管理器附带了一个chm格式的帮助文件。我们可以从该帮助文档中获得有关流程浏览器的详细帮助。

使用流程浏览器列出流程 (List Processes with Process Explorer)

We can get process list and their detailed information just clicking to the process explorer file.

我们只需单击流程资源管理器文件即可获取流程列表及其详细信息。

Process are listed according to their parent and child relationship. Process listed as a sub row are child of the upper process. Following information about processes can be seen from this page.

进程是根据其父子关系列出的。列为子行的流程是上层流程的子级。从该页面可以看到有关流程的以下信息。

CPU columns shows general CPU usage percentage of this process.

CPU列显示此过程的常规CPU使用率百分比。
Private Bytes columns show the size of memory only used by this process and not shared with other processes and DLL’s.

Private Bytes列显示仅由该进程使用，而不与其他进程和DLL共享的内存大小。
PID column shows process identifier given by operating system and used to easily identify the process.

PID列显示操作系统提供的进程标识符，用于轻松识别进程。
Description columns shows the process information.

Description列显示过程信息。
Company Name columns shows the executable file and application vendor company.

Company Name列显示可执行文件和应用程序供应商公司。

列出详细的过程信息 (List Detailed Process Information)

More detailed process information can be shown with the properties of the the selected process. Just right click on the process and select Properties . This will open a window like below.

可以显示更多详细的过程信息以及所选过程的属性。只需右键单击该过程，然后选择“ Properties 。这将打开如下所示的窗口。

We can see that there are a lot of tabs those provides related information. By default threads tab is opened and list existing threads of the current process which their Thread ID.

我们可以看到有很多提供相关信息的标签。默认情况下，“线程”选项卡处于打开状态，并列出当前进程的现有线程及其“线程ID”。

LEARN MORE What Is Socket In Linux?

了解更多信息Linux中的套接字是什么？

Following information can be get with other tabs.

以下信息可通过其他选项卡获得。

TCP/IP tab provides the network ports and remote connections about this process.

TCP/IP选项卡提供有关此过程的网络端口和远程连接。
Security tab provides owner, group and other related security information

Security选项卡提供了所有者，组和其他相关的安全性信息
Environment tab provides information about the process environment variables like OS, PATH, HOMEPATH etc.

Environment选项卡提供有关过程环境变量的信息，例如OS，PATH，HOMEPATH等。
Strings tab provides the identified strings in this process memory area.

Strings选项卡在此过程存储区中提供了已识别的字符串。
Image tab provides executable file path related information

Image选项卡提供可执行文件路径的相关信息
Performance tab provides CPU, I/O, Memory related statistics and information

Performance选项卡提供CPU，I / O，与内存相关的统计信息和信息
Performance Graph tab shows simple CPU, Memory and I/O graphs about process

Performance Graph选项卡显示有关进程的简单CPU，内存和I / O图
Threads tab shows related threads and their thread ID’s

Threads选项卡显示相关线程及其线程ID

使用Process Explorer终止进程 (Kill Process with Process Explorer)

Another useful feature of the process explorer is killing selected process. This can be done right click to the related process and select Kill Process from the menu. We can also select process and use DELETE key to do same operation.

进程浏览器的另一个有用功能是杀死选定的进程。可以右键单击相关过程，然后从菜单中选择Kill Process 。我们也可以选择进程并使用DELETE键执行相同的操作。

使用Process Explorer杀死进程树(Kill Process Tree with Process Explorer)

In previous step we just killed a single process. We can also kill the process tree. Process tree is the parent process and its child process. This will also kill the child processes too.

在上一步中，我们只是杀死了一个进程。我们还可以杀死进程树。进程树是父进程及其子进程。这也将杀死子进程。

检查病毒总数中的进程和可执行安全性(Check Process and Executable Security In Virus Total)

There is very useful feature which is security related. We can check the executable file and running processes against Virus Total. Virtual Total is a services provides more than 50 antivirus applications to check uploaded executable files. This virus check will made us more secure. We can apply this check to suspicious process easily like below.

有一个非常有用的功能，与安全性有关。我们可以根据Virus Total检查可执行文件和正在运行的进程。 Virtual Total是一项提供50多种防病毒应用程序以检查上传的可执行文件的服务。此病毒检查将使我们更加安全。我们可以轻松地将此检查应用于可疑过程，如下所示。

翻译自: https://www.poftut.com/windows-process-explorer-get-detailed-information-processes/