Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
The Question
SuperUser reader Agovizer took a long hard look at the table Process display table in the Windows Task Manager and came back with some questions, specifically:
We hopped over into the Task Manager on our machine and sure enough there were no processes assigned in slots 1, 2, and 3–although our PIDs jumped from 4 to 340, as opposed to his 4 to 200.
The Answer
SuperUser contributor G Koe closes the case in one swoop:
Everything he suggests checks out: we’re missing 1, 2, and 3 (not multiples of 4) and every PID value in our list from 340 to 13136 is divisible by 4.
Handles are always multiples of four. The Kernel handle process object is used for both process handles and process/thread IDs. It happens that handle values all start at 0x4 (bit 2), and the InitialSystemProcess is the first process to be created, so it gets a PID of 4. Idle process isn’t actually a process and you can’t open it. It probably doesn’t have a real PID but most tools consider it to be 0.
More on the NT handle table here although this is only accurate for NT3-5(xp) , as Windows 7 now requires that you only reference kernel handles if attached to PsInitialSystemProcess.
More on Windows 7/8 Handle limits from Mark Russinovich
More on the “multiples of four” in PIDs
Have something to add to the explanation? Sound off in the the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
