Process Hacker and Windows discussion

 
User avatar
switzer
New User
Posts: 2
Joined: 11 Apr 2016 01:51
OS: Windows 10 64bit
Location: Philadelphia, PA

Service PID Question

11 Apr 2016 02:57

Quick question on PID's: Where normally the PID's designated to my active processes seem to scale appropriately (at least, as far as I can tell), lately I have noticed that about 7 or 8 services in particular (always at the top) will be designated with PID numbers that are much, much higher than their following processes with the numbers scaled grossly disproportionate to the rest of the gradually scaled PID's.

Of course, when I want to take a screenshot of it to show what I'm seeing, it's not doing it. But as a general example, the PID's start in the 400's and gradually scale up through 800's - 1100's. What I'm seeing now is a specific group at the top jump from 1100's well into the 20000's. This strikes me as unusual, but I'm still learning this stuff and can't be certain. Window's Task Manager calls the group UnistackSvcGroup and in Process Hacker I can see the same name in the binary path column.

I'm just wondering if this is this anything to be concerned about?

Attached are the usual suspects, but the numbers I'm seeing typically jump from the 1100 to 24000+ range.

Any feedback is greatly appreciated, thank you.


JC
snip_20160410223602.png
 
LMiller7
New User
Posts: 2
Joined: 11 Apr 2016 19:30
OS: Windows 7 32 bit
Location: Regina Saskatchewan Canada

Re: Service PID Question

11 Apr 2016 23:18

A PID is a number assigned to identify a process when it is created. I don't believe that there is any documentation that attaches any significance to any aspect of that number and the implication seems that it is of no significance. PIDs are eventually recycled when the process terminates but there is no documentation concerning how or under what conditions.

This blog by Raymond Chen, a senior developer with Microsoft, talks about PIDs.
https://blogs.msdn.microsoft.com/oldnew ... /?p=11813/
 
User avatar
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Location: Australia
Contact:

Re: Service PID Question

11 Apr 2016 23:58

PIDs are assigned in the almost same way that handle values are assigned. The only difference is that the handle table free list uses FIFO ordering, so it may take a long time for a particular PID to be recycled. If you're getting high PIDs, it means that at one point in time you had a lot of processes running at the same time.
 
User avatar
switzer
New User
Posts: 2
Joined: 11 Apr 2016 01:51
OS: Windows 10 64bit
Location: Philadelphia, PA

Re: Service PID Question

12 Apr 2016 08:31

Ok, I understand. Thank you both. I didn't suspect that the assigned numbers themselves had any particular meaning past a numerical order, but rather wondered whether such a numerical jump was an obvious red flag of sorts. Thank you again.