LKBEN10729: Which process belongs to a certain systemservice under windows? How to identify the process ID (PID) of a system service.
Systemprocesses (like Windows Firewall) cannot be identified in Tasklist or Taskmanager
Some of Windows services run under "svchost.exe"
Use command TASKLIST in a command shell. Without parameter it delivers a Tasklist similar to the list of processes under Taskmanager (example 1).
While names like cmd.exe or perl.exe are obvious, others need to be known (spoolsv.exe - spooler service, csrss.exe - Client Server Runtime).
For finding the process ID (PID) of a certain service, you might need to know it's original servicename, for instance "SharedAccess" is the servicename for the displayname "Windows Firewall/Shared Internet Access". It can be looked up in the properties of the process in services management Console.
Use TASKLIST /SVC in order to view the services belonging to a (svchost-) process:
svchost.exe 924 DcomLaunch, TermService
svchost.exe 992 RpcSs
svchost.exe 1100 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, Themes, TrkWks,
W32Time, winmgmt, wuauserv, WZCSVC
svchost.exe 1156 Dnscache...
and voilà, there they are (above example of Windows Firewall runs as "Shared Access" under PID 1100).
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 28 K
System 4 Console 0 184 K
smss.exe 592 Console 0 160 K
csrss.exe 640 Console 0 5.228 K
winlogon.exe 664 Console 0 4.904 K
services.exe 708 Console 0 2.288 K
lsass.exe 720 Console 0 1.620 K
Srvany.exe 904 Console 0 180 K
svchost.exe 924 Console 0 2.716 K
svchost.exe 992 Console 0 1.768 K
svchost.exe 1100 Console 0 10.684 K
svchost.exe 1156 Console 0 1.336 K
cmd.exe 1300 Console 0 268 K
perl.exe 1308 Console 0 572 K
svchost.exe 1316 Console 0 2.308 K
spoolsv.exe 1516 Console 0 3.080 K
Disclaimer:The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!
About the Author
Author:- Keskon GmbH & Co. KG
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.