Before we go any further with procmon, we need to understand a few concepts.
A process comprises:
- a virtual memory container that holds executable code, memory mapped files and data structures,
- resources that are attached via handles,
- a collection of threads that represent paths through the executable code and run on a CPU, and
- a security context (the user ID under which all of the process's threads run).
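To make those four components concrete before opening procmon, here is an added PowerShell example (not from the video or the Sysinternals tools) that pulls each of them for one running process on a Windows host; `Get-ProcessAnatomy` is a hypothetical helper name, and some system processes will need an elevated shell to be opened.

```powershell
# Added example: summarise the four components of a process for one PID.
# Assumes Windows, PowerShell 5.1+ and rights to open the target process.
function Get-ProcessAnatomy {
    param([int]$ProcessId = $PID)   # default: this PowerShell process

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop

    # 1. Virtual memory container: the executable image plus every module
    #    (DLL) mapped into the address space, with base address and size.
    $modules = $proc.Modules | ForEach-Object {
        [pscustomobject]@{
            Module      = $_.ModuleName
            BaseAddress = '0x{0:X}' -f $_.BaseAddress.ToInt64()
            SizeKB      = [int]($_.ModuleMemorySize / 1KB)
        }
    }

    # 2. Resources attached via handles. Get-Process exposes only the count;
    #    per-handle detail (files, keys, events) needs Sysinternals handle.exe.
    $handleCount = $proc.HandleCount

    # 3. Threads: each one is an execution path through the code in (1).
    $threads = $proc.Threads | ForEach-Object {
        [pscustomobject]@{
            ThreadId     = $_.Id
            State        = $_.ThreadState
            StartAddress = '0x{0:X}' -f $_.StartAddress.ToInt64()
            CpuTime      = $_.TotalProcessorTime
        }
    }

    # 4. Security context: the account whose token the process runs under.
    $cim   = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    $owner = Invoke-CimMethod -InputObject $cim -MethodName GetOwner
    $runsAs = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" }
              else { '<access denied>' }

    [pscustomobject]@{
        ProcessId = $proc.Id;  Name = $proc.ProcessName;  Image = $proc.Path
        Modules = $modules;    HandleCount = $handleCount
        Threads = $threads;    RunsAs = $runsAs
    }
}

# Usage: inspect the current shell, then list its modules and threads.
$anatomy = Get-ProcessAnatomy
$anatomy | Select-Object ProcessId, Name, Image, HandleCount, RunsAs | Format-List
$anatomy.Modules | Sort-Object Module | Format-Table -AutoSize
$anatomy.Threads | Format-Table -AutoSize
```

Pass `-ProcessId` with another PID to compare, for instance, a service running as SYSTEM against a process started from your own desktop session.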
In this video blog ...