Tuesday, May 26, 2009

What about svchost.exe

I was watching my task manager the other day and found that a process called svchost.exe was eating up my processor.  A significant amount of my performance was being eaten by this process and I had no idea what it was doing, so I did a little research.


The Windows operating system has migrated over the years from using .exe's for running internal system functions to .dll's.  In essence, a .dll cannot run on its own.  It has to be launched from a .exe.  This is the function of svchost.exe.  The services are organized into logical groups, and each group is then assigned to a svchost.exe process.


To check what services are being run by the svchost.exe processes:


From the command prompt type tasklist /SVC.




It will give you a list of services run by each svchost.exe and the PID of that process.
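As an added example (not part of the original post), the Python code below parses the CSV form of the same command, tasklist /SVC /FO CSV, groups the services by svchost.exe PID, and lists any svchost.exe that hosts no services at all, which is worth checking because hosting services is the whole job of svchost.exe. The sample output is constructed, English-locale output is assumed, and the function names are hypothetical.

```python
import csv
import io
import subprocess
import sys

# Constructed sample of `tasklist /SVC /FO CSV` output; PIDs and groupings are illustrative.
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","884","DcomLaunch,PlugPlay"
"svchost.exe","1012","RpcSs"
"svchost.exe","1180","AudioSrv,Dhcp,EventLog,lmhosts"
"explorer.exe","2540","N/A"
"svchost.exe","3316","N/A"
'''

def svchost_services(tasklist_csv):
    """Map each svchost.exe PID to the list of services it hosts."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    next(rows, None)  # skip the header row
    hosts = {}
    for row in rows:
        if len(row) < 3 or row[0].lower() != "svchost.exe":
            continue
        names = [s.strip() for s in row[2].split(",")]
        # tasklist prints N/A (English locale assumed) when no services are hosted
        hosts[int(row[1])] = [s for s in names if s and s != "N/A"]
    return hosts

def find_host(hosts, service):
    """Return the PID of the svchost.exe hosting `service`, or None."""
    for pid, services in hosts.items():
        if service.lower() in (s.lower() for s in services):
            return pid
    return None

def empty_hosts(hosts):
    """PIDs of svchost.exe instances that host no services."""
    return sorted(pid for pid, services in hosts.items() if not services)

if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["tasklist", "/SVC", "/FO", "CSV"],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE  # fall back to the constructed sample off Windows
    hosts = svchost_services(text)
    for pid, services in sorted(hosts.items()):
        print(pid, ", ".join(services) or "(no services)")
    print("svchost.exe with no services:", empty_hosts(hosts))
```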


In Vista it's even easier.


You can right click the process from the processes tab in the task manager and select Go to Service(s).  You will be switched to the services tab and all the services that are run by that process will be highlighted.




Another way to get a good look at the information is to use Process Monitor from Sysinternals/Microsoft.


This tool allows you to right click over a process and the popup shows you all of the services running in the process.  This tool is worth investigating because it does a lot more than this.  If you are interested in this type of OS functionality give it a look.




As it turns out most of the services that these svchost.exe processes run are necessary (at least on my machine, individual results may vary) so I couldn't comfortably shut any of them down.  I do, at least, feel a little better knowing more about what's going on on my machine.


Adrian Fanjoy


Technical Services manager


CATI



2 comments:

  1. Nice tip. I especially like that you included the command line version for those of us from the old school.

  2. Recently, we found an application that can show you which DLLs, and where they are located in your HDD, are running svchost.exe.
    Here is the link
    http://www.neuber.com/free/svchost-analyzer/index.html
