Windows DatabaseebooksStatistical Information

LWE10171 : Which process belongs to a certain systemservice under windows? How to identify the process ID (PID) of a system service.

Symptom:

Systemprocesses (like Windows Firewall) cannot be identified in Tasklist or Taskmanager

Cause:

Some of Windows services run under "svchost.exe"

Solution:

Use command TASKLIST in a command shell. Without parameter it delivers a Tasklist similar to the list of processes under Taskmanager (example 1).
While names like cmd.exe or perl.exe are obvious, others need to be known (spoolsv.exe - spooler service, csrss.exe - Client Server Runtime).

For finding the process ID (PID) of a certain service, you might need to know it's original servicename, for instance "SharedAccess" is the servicename for the displayname "Windows Firewall/Shared Internet Access". It can be looked up in the properties of the process in services management Console.

Use TASKLIST /SVC in order to view the services belonging to a (svchost-) process:
...
svchost.exe                 924 DcomLaunch, TermService
svchost.exe                 992 RpcSs
svchost.exe                1100 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                ERSvc, EventSystem, helpsvc, lanmanserver,
                                lanmanworkstation, Netman, Nla, RasMan,
                                Schedule, seclogon, SENS, SharedAccess,
                                ShellHWDetection, srservice, Themes, TrkWks,
                                W32Time, winmgmt, wuauserv, WZCSVC
svchost.exe                1156 Dnscache...

and voilà, there they are (above example of Windows Firewall runs as "Shared Access" under PID 1100).

EXAMPLE 1:

F:\>tasklist
Abbildname                  PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process           0 Console                   0            28 K
System                        4 Console                   0           184 K
smss.exe                    592 Console                   0           160 K
csrss.exe                   640 Console                   0         5.228 K
winlogon.exe                664 Console                   0         4.904 K
services.exe                708 Console                   0         2.288 K
lsass.exe                   720 Console                   0         1.620 K
Srvany.exe                  904 Console                   0           180 K
svchost.exe                 924 Console                   0         2.716 K
svchost.exe                 992 Console                   0         1.768 K
svchost.exe                1100 Console                   0        10.684 K
svchost.exe                1156 Console                   0         1.336 K
cmd.exe                    1300 Console                   0           268 K
perl.exe                   1308 Console                   0           572 K
svchost.exe                1316 Console                   0         2.308 K
spoolsv.exe                1516 Console                   0         3.080 K
...


Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!
Copyright © 2004-2011 Lubby (V3.0.10 Aug 2011)
Sponsored by Keskon.
Statistical information by Google Analytics