# Processes Threads Handles

### Processes

* An instance of an executable
* Think of it as a container
* An application can have many processes, e.g. your web browser
  * each tab you open spawns a new process
* A process typically isn't aware of other processes on the machine
  * It behaves as if it is the only process on the machine
* Each process is started with a single thread, often called the `primary thread`, but it can create additional threads from any of its threads

#### Three Types of Processes

* Application processes
  * e.g. Chrome is an application process
  * Can be terminated by the user
* Background processes
  * Get started automatically
  * e.g. software updaters
  * e.g. antivirus
* Windows processes
  * System-level processes
  * Automatically get launched at startup
    * device drivers
    * Windows memory management

### Process Priority

* Determines how much CPU time each process will be allocated
* There are 6 different levels
  * Realtime
  * High
  * Above normal
  * Normal
  * Below normal
  * Low

#### Low

* Only given CPU time when no higher-priority process on the system needs it

#### Normal

* Normal is used by default when a process is created
  * `NORMAL_PRIORITY_CLASS`

#### Realtime

* Full access to the CPU
* Very dangerous, as this is higher than the threads servicing the disk cache, mouse and keyboard
* Will leave no cycles for anything else

### Threads

* A thread is the entity within a process that can be scheduled for execution
* All threads of a process share its virtual address space and system resources
* A process can have many threads
  * also called multithreading

### Differences Processes and Threads

* Processes use much more resources
* Threads are lightweight
* Processes are like a team trying to complete a project
* A thread is like a single member of the team working on one part of the project
* Processes are independent of each other
* Threads within a process are dependent on each other

### Handle

* Generic unit of identification
* A reference to our object
* Many different types of handles
  * the most common ones are handles to processes and handles to modules
* handles are system wide
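The notes above can be checked against a live system from the defender's side. This is an added example, not code from the original notes; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, uses only the built-in `Get-Process`, and is read-only (it changes no priority class). It reports, per process, the priority class, the thread count, the likely primary thread (oldest by start time) and the size of that process's own handle table.

```powershell
# Added example (not from the original notes): summarise process / thread /
# handle facts for running processes, read-only. Assumes Windows PowerShell 5.1
# or PowerShell 7 on Windows; Get-Process is built in.
function Get-ProcessThreadHandleSummary {
    [CmdletBinding()]
    param(
        # Optional name filter, e.g. 'chrome' (an application process that
        # spawns one process per tab). '*' means every process we can see.
        [string]$Name = '*'
    )

    Get-Process -Name $Name -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_

        # Every process starts with a single thread (the primary thread), so the
        # oldest thread by StartTime is the best guess for it. Reading StartTime
        # needs access to the process; protected/system processes may deny it.
        $primary = $null
        try {
            $primary = $proc.Threads | Sort-Object StartTime | Select-Object -First 1
        } catch { }

        # PriorityClass maps onto the six classes in the notes (Idle is "Low").
        # Reading it also needs access; report 'Unknown' when denied.
        $priority = 'Unknown'
        try { $priority = [string]$proc.PriorityClass } catch { }

        [PSCustomObject]@{
            Name            = $proc.ProcessName
            PID             = $proc.Id
            PriorityClass   = $priority
            ThreadCount     = $proc.Threads.Count
            PrimaryThreadId = if ($primary) { $primary.Id } else { $null }
            # HandleCount is the size of THIS process's handle table: a handle
            # value only has meaning inside the process that owns it.
            HandleCount     = $proc.HandleCount
            # Anything scheduled ahead of Normal can starve other work, so it is
            # worth a second look during triage.
            AboveNormal     = $priority -in @('AboveNormal', 'High', 'RealTime')
        }
    }
}

# Usage: everything above Normal priority, most threads first.
Get-ProcessThreadHandleSummary | Where-Object AboveNormal |
    Sort-Object ThreadCount -Descending | Format-Table -AutoSize
```

Run it elevated to see thread start times and priority classes for more processes; unelevated, system processes show up with `Unknown` and no primary thread id.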
