Join Us!

Windows 8.1 x64 Pro...
 
Notifications
Clear all

Windows 8.1 x64 Process ID behaviour  

  RSS
redcat
(@redcat)
Active Member

Does anybody out there know off the top of their heads how Windows 8.1 (or 10) behaves in terms of allocating and then releasing and/or reissuing PIDs please? Specifically if process A gets PID 1234 then the process quits out how soon could process B pick up PID 1234 afterwards?

How are PIDs issued for that matter, is it just random based on what's available (apart from specific examples like PID 4 for system) or is there some pattern to it?

TIA for any wisdom. I am researching it myself so will update this if I find anything useful to the community.

Quote
Posted : 18/10/2018 1:28 pm
athulin
(@athulin)
Community Legend

Does anybody out there know off the top of their heads how Windows 8.1 (or 10) behaves in terms of allocating and then releasing and/or reissuing PIDs please? Specifically if process A gets PID 1234 then the process quits out how soon could process B pick up PID 1234 afterwards?

As far as I know, it's random or sufficiently close to random to make little practical difference. But that's based on hearsay …

Should not be too difficult to collect a sequence … start a process with a distinctive name, get pid with tasklist, kill process with taskkill … add some scripting language of preference. (Might even be doable with the Linux Bash shell … where you could probably do just 'runme &', 'tasklist | grep -a runme' and 'kill %1', where runme could be a renamed windows binary, like notepad or calc)

Added based on

FOR /L %%I IN (1, 1, 20000) DO (
START /MIN notepad.exe
TASKKILL /FI "IMAGENAME eq notepad.exe"
)

and the output from the TASKKILL command, process IDs vary between 32 and 12284, and are always 0 (mod 4). Which means there are something like 3000 potential PIDs. (??? really?)

Around 850 were observed, and the duplication of assigned PIDs varied from around 50 down to 1.

Entropy analysis of assigned pids suggest that they are far from random … but a possible source of errors might be that CMD starts processes for START and TASKKILL, and that these bias notepad PID asignment. Probably needs more complex test beds to avoid that kind of problem.

ReplyQuote
Posted : 18/10/2018 5:44 pm
Share: