Process Monitor Lab - Dean-116/SYS-140-dean GitHub Wiki

I worked on a lab in class that had to do with learning about threads and processes. To do this I started by downloading some software that would show processes and then let me see the threads of these processes. I found my first thread of a process and then wrote down its TID and start address. I then kept the program open and launched the calculator app to see it appear on the program and what name it would appear as. I then found its start location which has a similar name to what its called in the process. (In the process it was called win32calc.exe and it's start address was called Win32calc.exe+0x5cf20). I then choose to research WordPad next. It was called wordpad.exe under processes and then I had to find another process it was associated with. Looking at the program it looks like it was under the file explorer process which was called expoler.exe which was the same place the windows calculator was.