
LAB 2: MONITORING PROCESSES IN WINDOWS

CEG 4350

OBJECTIVE: This lab provides hands-on experience exploring processes throughout their runtime. Students explore various properties of processes in a practical way by monitoring processes
and changing their state to see how processes react.

TURN IN INSTRUCTIONS:
A. Complete the lab using a word processing program and include your full name, the lab
number, the class, and the term at the top of the document. Save the document as a PDF file and
turn the PDF file into the lab drop box.
B. Verify that your lab assignment is uploaded correctly. You are responsible for making sure all
materials are turned in by the deadline.
C. This lab has you provide a number of screenshots to substantiate your answer to each
question. Ensure your screenshot captures the relevant information and only the relevant
information. Crop out unnecessary parts out of the image (other windows, your desktop image,
etc.). All images, tables, and figures should be centered, and contain a caption with a number and
a short description of the image.
D. The lab you turn in must be completely your own work.

TOOLS USED: SysInternals Suite, Microsoft Windows


INSTALLATION AND CONFIGURATION OF SYSINTERNALS SUITE:
You can download the SysInternals Suite from https://technet.microsoft.com/enus/sysinternals/bb842062.aspx. You will find a zip file named SysInternalsSuite.zip. Extract the
files to a folder location you select (Documents or Desktop) rather than just double-clicking the
Zip file. The folder will contain a number of files as seen in Figure 1.
Among many other useful tools, you will find "Process Explorer" in an executable called
"procexp.exe." You can run this tool from the folder you extracted (you don't need to install it),
but you should run the program as an administrator so you can perform the operations from this
lab. Left click in order to enable running as an administrator.
Once you run Process Explorer you will see something like Figure 2.

Figure 1. SysInternals Contents

Figure 2. Process Explorer View

If you double click on any process, you can view its process tree, which contains the main
process and its child processes. A minus sign to the left of a process shows that it is
expanded.

Open the Google Chrome browser and search for Wright State University. We will use Process
Explorer to monitor what happens when this action is performed.
1.) Open procexp.exe and keep it opened. Open the Google Chrome application from your
computer.
2.) Immediately monitor the process explorer once you perform this operation. You should notice
the row corresponding to Google Chrome flashes green then returns to its normal color. This is
because it is a new process. Now it's time to explore the process.

Question 1. Different colors are used for displaying each parent and child process. You
can configure the colors from Options > Configure Colors, where the meaning of each color is
shown. What are the colors for the process and all of its child processes? What do the colors
mean?
Question 2. Select a process and go to View > Update Speed, choosing different speeds such as
0.5, 1, and 1.5 seconds. What difference do you see when the speed is changed?
You can explore the properties of both parent and child processes. Right click on the parent or
the child process and select properties. You will see something like Figure 3.

Figure 3.

You can toggle between the different tabs and explore their properties. Explore the performance
and the performance graph properties.
Question 3. What is the PID of the parent process? What virtual memory properties are shown
for the parent process? What virtual memory properties are shown for the child process?
What is the CPU priority and I/O priority? What are the I/O and private bytes for this process?
Provide screenshots to substantiate your answer (see Figures 4 and 5).

Figure 4.

Figure 5.

Question 4. What is the working set, virtual bytes and private bytes for the process? What do
these terms mean?
Question 5. What is the PID, Description and company name for the process? What do these
terms mean?
Question 6. Who is the verified signer for the process you are running? What if the process does
not have a verified signer? Can processes with verified signatures also be malicious?

Question 7. Right click on the main chrome process and perform each of the operations listed
below, one by one:

a) Suspend
b) Resume
c) Restart
d) Kill process

Explain briefly what each of these operations does.

Question 8. Left click on the process and press CTRL+H and CTRL+D. What do these do?
Question 9. Go to the Image tab in the Process Explorer properties dialog. What is the path of chrome?
What does that mean?
Question 10. You can include a number of properties in the main view and explore them by
selecting View > Select Columns. You will see something like Figure 6.

Figure 6.

By selecting any of the properties and clicking OK, you will see that property as a
separate column in the main view of Process Explorer.
Now include the number of page faults from the Process Memory tab. You can then see the
number of page faults in the main Process Explorer view. How many page faults does the
process have? What exactly does the number of page faults measure?
Question 11. Right click on the chrome process and go to the Security tab. Click the Permissions
button in the dialog box. What permissions were assigned to each user? What are the read,
write, and special permissions for each user? Provide screenshots for your answer.
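The same fields the lab has you read off in Process Explorer for Questions 3 through 6, 9 and 10 (PID, parent PID, image path, description and company, working set, virtual and private bytes, page faults, base priority, and the verified signer) can be pulled from the command line with PowerShell, which is useful for cross-checking your screenshots. This is an added example, not part of the lab handout or the SysInternals tools; the function name Get-ProcessReport and the default image name are assumptions.

```powershell
# Added example (not from the lab): report Process Explorer-style fields for every
# process whose image name matches $Name. Run from an elevated PowerShell window so
# that executable paths of all matching processes are readable.
param([string]$Name = 'chrome')   # assumed default; pass another image name as needed

function Get-ProcessReport {
    param([Parameter(Mandatory)][string]$ImageName)   # hypothetical helper name
    if ($ImageName -notlike '*.exe') { $ImageName += '.exe' }

    # Win32_Process exposes page faults and the parent PID, which Get-Process does not.
    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$ImageName'"

    foreach ($p in $procs) {
        $vi        = $null       # file version resource (description, company)
        $sigStatus = 'NoPath'    # Authenticode status of the on-disk image
        $signer    = $null
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            $vi  = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo
            # "Verified signer" in Process Explorer corresponds to a Valid signature here;
            # anything else (NotSigned, HashMismatch, UnknownError) means unverified.
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            PID             = $p.ProcessId
            ParentPID       = $p.ParentProcessId
            Path            = $p.ExecutablePath
            Description     = $vi.FileDescription
            Company         = $vi.CompanyName
            WorkingSetMB    = [math]::Round($p.WorkingSetSize   / 1MB, 1)
            VirtualMB       = [math]::Round($p.VirtualSize      / 1MB, 1)
            PrivateMB       = [math]::Round($p.PrivatePageCount / 1MB, 1)
            PageFaults      = $p.PageFaults        # cumulative, like the Page Faults column
            BasePriority    = $p.Priority          # numeric base priority of the process
            SignatureStatus = $sigStatus
            Signer          = $signer
        }
    }
}

# Sorting by parent PID groups each browser child process under its parent.
Get-ProcessReport -ImageName $Name | Sort-Object ParentPID, PID | Format-Table -AutoSize
```

A Valid signature status only tells you the image on disk was not altered since it was signed by that publisher; as Question 6 asks you to consider, it says nothing about what the process is doing.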

Question 12. Press CTRL+I for the system information. Go to the memory tab and give a
screenshot of the page listings. What are page listings and what do they represent?
Question 13. Go to View > Select Columns and go to the Process Image tab. Select Window Status.
The Window Status column will now appear in your main view. What does window status mean?
What is the window status for the chrome process? Provide screenshots.
Question 14. Go to View > Select Columns and go to the Process Image tab. Select Integrity Level.
The Integrity Level column will now appear in your main view. What does each of the integrity
levels mean? What is the integrity level for the chrome process? Provide screenshots.
Question 15. Finally, did you notice that even Process Explorer is listed as a process in Process
Explorer itself? Does Process Explorer have any child processes? Provide the performance and
performance graph properties as screenshots for Process Explorer.
