How to check who killed process in windows

In this article, I am going to show you, how to identify the reason behind windows process termination.

The procedure is valid on all windows platforms whether its windows 7, 8 10 or Server 2008 R2, 2012 R2 or Windows 2016.However, you need to download the compatible Windows debugging tools kit for Windows 32 bit and 64 bit. Windows debugging tools are part of Windows SDK toolkit.
Once you installed Windows debugging tools, you need to open Global Flags. Below is an example of global flag tool.

Click Start – All Programs – Windows kit – Global flags.

Global Flags (X86) corresponds to 32 bit process monitoring.
Global Flags (X64) corresponds to 64 bit process monitoring.




























In this example, I am going to monitor MS Word 32 bit application.
Click Silent Process Exit – Image: (TAB to refresh): winword.exe – hit TAB key to enable other option – Check “ Enable Silent process Exit monitoring.

Click Apply and Ok.





























Now Open MS Word and Close it normally. You will get event 3000 under Event viewer for normal application termination. Below is a screen shot.








Now again open MS Word and kill it using Task manager.
It will show the reason for process termination and the process name, which killed Wnword.exe.









This is the easiest way to identify which process is responsible for process termination.
Later you can disable the Silent process monitoring from Global flags.






Comments

Post a Comment

Popular posts from this blog

The System could not log you on. The revocation status of the smart card certificate used for authentication could not be determined

Image
OS: Windows 7, Windows 10 Server OS: Windows 2003, 2008, 2008 R2, 2012, 2012 R2 and Windows Server 2016 Condition: Error message when we use smart to log in on a domain computer. Cause:  This happens when Certificate Authority (CA) service stopped and CA is unable to publish the CRL (certificate revocation list) and revocation list is expired. Solution : Log in to CA server using CA admin user. Click Start à Run à Services.msc and press Enter to open services console. Check “Active Directory Certificate services”, if the service is stopped, then Right Click à Click on Start. Wait for some time, CA should publish the new CRL. If you want to force the CRL publication then follow below steps. Click Start à Run à Control and Press Enter to open Control Panel. Double Click Administrative tools à Double Click on Certificate Authority. Right Click on Revoked Certificates à All Tasks à Publish Now ask user to restart their client machines so that client machines can recei...
Read more

Unblock gemalto .net smart cards using Gemalto response calculator

Image
Gemalto has provided a utility to calculate the response using Gemalto response calculator so that blocked .net smart cards can be unblocked. First, download and install Gemalto Mini Drive from Gemalto website. Now, push below group policy on all domain client machines so that users can get challenge when their smart cards are blocked. Open Group Policy Management Console à Computer Configuration à Administrative Templates à Windows Components à Smart Card à Enabled “Allow Integrated Unblock screen to be displayed at the time of Logon”. After applying the Group policy, whenever user smart card gets blocked, they will receive a screen which will show them a challenge. Open Gemalto Response Calculator using below steps. Click on Start Menu à All Programs à Gemalto à Response Calculator; you will get below application opened. Enter the Challenge and Click on Calculate Response. Below is an example image. It will generate a response. Ask the user to enter the response in response ...
Read more