On Sat, 10/12/2024 7:12 AM, Jim the Geordie wrote:
> I have Chrome, Edge, Betterbird and Thunderbird (different profile) all open on my desktop, yet Edge and Thunderbird don't appear in Task Manager as Apps or Background processes.
> I have tried an online cleanup and a scannow.
Classifying programs for the Windows ecosystem, is "hard".
I can't successfully do it for you.
win32 - Show up in Linux as PE32 or PE32+. A relatively easy classification,
but not a thorough one. Many times the loader will show "not for this OS"
or the like. This implies sub-categories, which I don't know what
they are. Similarly, a 16 bit executable, no idea how to ID one of those.
Visual Studio and GNU output, is a slightly different format, both successfully
load-able.
UWP - Universal Windows Program. These are *not* universal, to start with.
They run on Windows 7... only if they are *compiled* for Windows 7.
The compilation process is more likely to make UWPs for W8/10/11.
https://en.wikipedia.org/wiki/Universal_Windows_Platform_apps
https://en.wikipedia.org/wiki/Universal_Windows_Platform
Metro.App - These have an EXE file, but it is a carrier of a manifest. Or
at least, it used to contain a manifest, now they can have a size of
zero bytes. Hard to launch. Can be Suspended (similar to a TSR in olden times).
Folders they are stored in can be hard to access, but nfi.exe can list
the contents.
You can use this program, as a second Task Manager. If you Run As Administrator,
the features such as stack sniffing work. I don't think the program author has really had a chance to update this for >win7. If you use Tree View, you can get the processes indented, and this allows you to identify the Parent PID of MSEdge
and "kill" the correct process to cause all children to exit. Task Manager does not
hint at the Parent PID (select columns does not have PPID).
https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer
The Task Manager is not currently a successful accounting of machine activity. With virtualization present on the machine, I no longer trust Task Manager
for any purpose of note.
Programs are also launched in different "Sessions". A program in one "Session" should not be able to sniff programs in another "Session". If you press ctrl-alt-delete
when a login prompt is coming up, that is supposed to ensure the password typed
only goes to your session, and not some other (Fast User Switching) session.
The metadata in Task Manager does not have to be complete. By removing some of the fields (leaving them blank) in Memory Compressor (a Windows process), Task Manager no longer displays Memory Compressor. However, the Process Explorer program shows you the Memory Compressor. On older machines, when
RAM was below the "1GB minimum", the Memory Compressor can be seen
running. When available (physical RAM) is 256MB on a 1GB minimum OS,
the Memory Compressor remains railed on one core. You cannot see
this activity in Task Manager. A whole core could be used up, and
you would not know it.
This is one reason I use a *power meter* for this PC, to determine what
is running. If the power is too high when the machine is "idle", then
I know something (indeterminate) is involved.
*******
"If you don't like the output, you're holding it wrong" :-)
I expect any Partner working with Microsoft, needs the aid
of a MS Dev to get anything done. Mozilla has had pretty good
luck at this stuff. When they added the mapping DLLs for Firefox,
they were one of the few devs to do that properly. They may have
better access to help, than the other third-party developers.
Summary: It's a shockingly bad situation. This is NOT GOOD for security,
by the way. Make a shambles of the OS, there are fewer eyes to
spot trouble for you. Fewer people to report exploits, and so on.
Paul
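
The parent PID and session information discussed in the post above can also be pulled from WMI without Process Explorer. The following is an added example, not part of the original post: it prints the process tree under each top-level `msedge.exe` with PID, PPID and session ID. The image name default and the `Show-Tree` helper are assumptions made for the illustration.

```powershell
# Added example (not from the original post): show PID, parent PID and
# session ID for a browser's process tree, which Task Manager's column
# picker does not offer.
param([string]$Name = 'msedge.exe')   # assumed target image name

# Win32_Process exposes ProcessId, ParentProcessId, SessionId, CreationDate.
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object Name, ProcessId, ParentProcessId, SessionId, CreationDate

# Index by PID so a parent can be looked up directly.
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

# Windows reuses PIDs, so ParentProcessId may point at an unrelated newer
# process. A real parent must have been created no later than its child.
function Test-IsParent($parent, $child) {
    $parent.ProcessId -ne $child.ProcessId -and
    $parent.ProcessId -eq $child.ParentProcessId -and
    $parent.CreationDate -le $child.CreationDate
}

# A root is a matching process whose parent has exited, is a PID-reuse
# impostor, or has a different image name.
$roots = $procs | Where-Object {
    if ($_.Name -ne $Name) { return $false }
    $parent = $byPid[[uint32]$_.ParentProcessId]
    -not $parent -or -not (Test-IsParent $parent $_) -or $parent.Name -ne $Name
}

# Hypothetical helper: print one process and, indented, its children.
function Show-Tree($proc, [int]$depth = 0) {
    '{0}{1} pid={2} ppid={3} session={4}' -f ('  ' * $depth),
        $proc.Name, $proc.ProcessId, $proc.ParentProcessId, $proc.SessionId
    $procs | Where-Object { Test-IsParent $proc $_ } |
        ForEach-Object { Show-Tree $_ ($depth + 1) }
}

foreach ($r in $roots) { Show-Tree $r }
```

Run it from an elevated PowerShell prompt to see processes in every session. The line printed at depth 0 is the parent whose exit takes the indented children with it.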