Recipe6.6.Finding the Services Run from a Process
Recipe 6.6. Finding the Services Run from a ProcessProblemYou want to find the services being run from a process. In some cases, multiple services may be run from a single process. SolutionUsing a graphical user interface
Using a command-line interfaceThe following command displays the services that are run from the lsass.exe process: > tasklist /svc /FI "IMAGENAME eq lsass.exe" You can also use the tlist.exe command from the Windows 2000 Support Tools to show similar information: > tlist -s | findstr Svcs: | findstr lsass.exe Using VBScript' This code displays the services run from the specified process. ' ------ SCRIPT CONFIGURATION ------ strComputer = "." strProcess = "lsass.exe" ' name of process ' ------ END CONFIGURATION --------- set objWMI = GetObject("winmgmts: \\" & strComputer & "\root\cimv2") set colProcess = objWMI.ExecQuery("Select ProcessID from Win32_Process " & _ " Where Name = '" & strProcess & "'" ) for each objProcess in colProcess intPID = objProcess.ProcessID next WScript.Echo "Services run from process: " & strProcess set colProcesses = objWMI.ExecQuery("Select Name from Win32_service " & _ " Where ProcessID = " & intPID) for each objProcess in colProcesses WScript.Echo " " & objProcess.Name nextDiscussionIt is not uncommon for a single process to host multiple services. A good example of this is the svchost.exe process. Typically, you'll see several svchost processes running at any time on a system. That is because svchost is a generic process that is used by services that are run from dynamic link libraries (DLLs). If all of the code for a service is housed in a DLL, it still needs a process to accept and respond to SCM requests and handle other process management functions. svchost provides this functionality.
See AlsoMS KB 250320 (Description of Svchost.exe in Windows 2000) and MS KB 314056 (A description of Svchost.exe in Windows XP) |
EAN: 2147483647
Pages: 380