Wednesday, April 24, 2013

Why Are There No Processes 1, 2, or 3 In My Windows Task Manager?


When you take the time to look at all the little details in Windows, you often find little curiosities. Like why, for example, are Process Identification Numbers 1, 2, and 3 never assigned to anything in the Windows Task Manager?
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Agovizer took a long hard look at the Process display table in the Windows Task Manager and came back with some questions, specifically:
What processes, if any, exist between PIDs 0 and 4 on Windows 7? Just out of curiosity what are the processes between 0 and 4, and also between 4 and 200 something.
We hopped over into the Task Manager on our machine and sure enough there were no processes assigned in slots 1, 2, and 3–although our PIDs jumped from 4 to 340, as opposed to his 4 to 200.

The Answer

SuperUser contributor G Koe closes the case in one swoop:
There is no Process ID 1, 2, or 3 because of how the NT kernel handle table works.
Handles are always multiples of four. The Kernel handle process object is used for both process handles and process/thread IDs. It happens that handle values all start at 0x4 (bit 2), and the InitialSystemProcess is the first process to be created, so it gets a PID of 4. Idle process isn’t actually a process and you can’t open it. It probably doesn’t have a real PID but most tools consider it to be 0.
More on the NT handle table here, although this is only accurate for NT3-5 (xp), as Windows 7 now requires that you only reference kernel handles if attached to PsInitialSystemProcess.
More on Windows 7/8 Handle limits from Mark Russinovich
More on the “multiples of four” in PIDs
Everything he suggests checks out: we’re missing 1, 2, and 3 (not multiples of 4) and every PID value in our list from 340 to 13136 is divisible by 4.
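
The same check can be scripted for a process listing taken from a log or a triage collection. The following is an added example, not code from the original article or the SuperUser answer: it parses text in the column layout of `tasklist /FO CSV` and flags any PID that is not a multiple of four. The sample rows are constructed, and reading a misaligned PID as a sign that the record was altered or did not come from Windows is an assumption that follows from the answer above.

```python
import csv
import io

# Constructed sample in the column layout of `tasklist /FO CSV`. Names and
# values are made up for illustration, except PIDs 0, 4, 340 and 13136,
# which appear in the article.
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"System","4","Services","0","1,512 K"
"smss.exe","340","Services","0","1,064 K"
"explorer.exe","2716","Console","1","48,220 K"
"example.exe","13136","Console","1","9,876 K"
"suspect.exe","2717","Console","1","3,020 K"
'''


def parse_pids(csv_text):
    """Return (image_name, pid) pairs from tasklist-style CSV text."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(row["Image Name"], int(row["PID"])) for row in rows]


def classify(pid):
    """Label a PID using the rules stated in the answer."""
    if pid == 0:
        return "idle"        # pseudo-process; most tools report it as PID 0
    if pid % 4 != 0:
        return "misaligned"  # handle values are always multiples of four
    if pid == 4:
        return "system"      # first handle value, taken by the initial system process
    return "aligned"


def audit(csv_text):
    """Return per-class counts plus the list of misaligned (name, pid) rows."""
    report = {"idle": 0, "system": 0, "aligned": 0, "misaligned": []}
    for name, pid in parse_pids(csv_text):
        kind = classify(pid)
        if kind == "misaligned":
            report["misaligned"].append((name, pid))
        else:
            report[kind] += 1
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_TASKLIST_CSV)
    print(result)
    for name, pid in result["misaligned"]:
        print(f"check source of record: {name} has PID {pid}")
```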
