Identifying the Services Running in a Process

Microsoft® Windows® 2000 Scripting Guide

microsoft windows 2000 scripting guide

« Previous | Next »   

Windows 2000 allows services to run in a shared process. This means a single executable file can be responsible for running multiple services, an approach that helps conserve system resources. In Windows 2000, each new process is given a minimum working set (memory size) of 800 kilobytes (KB). If you are running five services in separate executable files, that adds up to 4 megabytes (MB) of working set space. By running the five services from a single executable file, you might be able to limit memory use to the 800 KB minimum required for a single executable file.

This is possible if the memory required by each of the services totals 800 KB or less. For example, if each service requires 100 KB of memory, the total memory required by the five services running under a single executable file is 500 KB. In this case, the single executable file is then assigned the minimum 800 KB of memory. If you run each service as a separate executable file, each is assigned the minimum 800 KB, and the five services combined thus use 4 MB of memory.

The reduction in memory use represents the advantage of running multiple services in a single process. The disadvantage is the fact that this can complicate system administration in at least two ways:

  • When services share a process, the failure of any one service in that process results in the failure of all the services in the process.

    For example, if 10 services share a process and Service 1 fails, Services 2 through 10 also fail.

  • Determining which services are running in which process is difficult.

    This is especially true for the operating system application Svchost.exe. Svchost.exe is a generic host process for services running from dynamic-link libraries (DLLs). On a typical Windows 2000 based computer, multiple copies of Svchost.exe are running, each hosting a different set of services. For example, the Netsvcs group hosts four services: Netman, Rasman, Rasauto, and RemoteAccess.

Note

  • During system startup, Svchost.exe checks the registry for the set of services to load together in a shared process. The Svchost.exe groups and the services hosted by each group are identified in the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost.

Knowing the services that run in a given process provides important information when you are troubleshooting computer problems. For example, if an instance of Svchost.exe appears to be leaking memory, you need to know which services are affected if you stop that process. If an instance of Svchost.exe stops running, you need to know which services to restart.

You can use WMI to determine which services are running in a given process. You can do this by retrieving the service path name (for example, C:\Windows\System32\Services.exe) and then enumerating all the services that share that path.

Scripting Steps

You can display services running in shared processes by doing the following:

  • Displaying the services running in a single shared process
  • Displaying the services running in all processes

Displaying the services running in a single shared process

Listing 15.5 contains a script that displays the services running in a single shared process, Services.exe. To carry out this task, the script must perform the following steps:

  1. Create a variable to specify the computer name.
  2. Use a GetObject call to connect to the WMI namespace root\cimv2, and set the impersonation level to "impersonate."
  3. Use the ExecQuery method to query the Win32_Service class. This returns a collection consisting of all the services installed on the computer.
  4. For each service in the collection, check to see whether the PathName is C:\Windows\System32\Services.exe. (The path name indicates the executable file responsible for the service.) If True, echo the service display name.

Listing 15.5   Displaying the Services Running in a Specified Process

1 2 3 4 5 6 7 8 9 
strComputer = "." Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colListOfServices = objWMIService.ExecQuery("SELECT * FROM Win32_Service") For Each objService in colListOfServices     If objService.PathName = "c:\windows\system32\services.exe" Then         Wscript.Echo objService.DisplayName     End If Next

Displaying the services running in all processes

The script shown in Listing 15.5 works well for services running in a standard executable file such as Services.exe. However, it is less useful for services running in Svchost.exe because several instances of Svchost.exe are probably running on your computer. A script that enumerates services by using the path name lists all the services running under all the instances of Svchost.exe as if they were all part of the same process.

However, you can use the ProcessID property to determine which services are running in a given process: retrieve the list of process IDs corresponding to active services, and then query each ID to determine the individual services sharing that process.

Listing 15.6 contains a script that displays the services running in all the processes on a computer. To carry out this task, the script must perform the following steps.

  1. Create a Dictionary object.

    This is used to temporarily store the unique process ID for each service.

  2. Create a variable to specify the computer name.
  3. Use a GetObject call to connect to the WMI namespace root\cimv2, and set the impersonation level to "impersonate."
  4. Use the ExecQuery method to query the Win32_Service class. Because process IDs are valid only for services that are running, a Where clause is included to limit data retrieval to those services that are not stopped.
  5. For each service in the collection, retrieve the process ID and then check to see whether that ID has been stored in the Dictionary object.

    This generates a list of unique process IDs. If the ID is already in the Dictionary, the script simply proceeds; this ensures that no duplicate IDs are added to the Dictionary. If the process ID is not in the Dictionary, the script adds the ID.

  6. Retrieve the list of all Dictionary items (the unique process IDs).
  7. Create a loop that cycles through all the items in the Dictionary.

    The loop must begin at 0 because the first item in the Dictionary is assigned item 0. This also means that the loop must end at the number of items minus 1. For example, if the Dictionary has 5 items, the loop would be from 0 to 4 because the Dictionary would contain items 0, 1, 2, 3, and 4.

  8. For each Dictionary item (process ID), use a GetObject call to retrieve the list of services from the Win32_Service class that have that same process ID.
  9. Echo the process ID.
  10. Echo the display name for each service running in that process.

Listing 15.6   Displaying the Services Running in All Processes on a Computer

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 
set objIdDictionary = CreateObject("Scripting.Dictionary") strComputer = "." Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colServices = objWMIService.ExecQuery _     ("Select * from Win32_Service Where State <> 'Stopped'") For Each objService in colServices     If objIdDictionary.Exists(objService.ProcessID) Then     Else         objIdDictionary.Add objService.ProcessID, objService.ProcessID     End If Next colProcessIDs = objIdDictionary.Items For i = 0 to objIdDictionary.Count - 1     Set colServices = objWMIService.ExecQuery _         ("SELECT * FROM Win32_Service WHERE ProcessID = '" & _             colProcessIDs(i) & "'")     Wscript.Echo "Process ID: " & colProcessIDs(i)     For Each objService in colServices         Wscript.Echo VbTab & objService.DisplayName     Next Next

When the script in Listing 15.6 is run using Cscript.exe, output similar to the following is displayed in the command window:

Process ID: 1332         Windows Installer Process ID: 228         Net Logon         IPSEC Policy Agent         Security Accounts Manager Process ID: 676         Remote Registry Service 

send us your feedback Send us your feedback « Previous | Next »   


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 635

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net