Many executing components of Windows are implemented as services (see all services on your machine opening Control Panel > Administrative Tools > Services). These are specialized programs running in the background. They are not started by the logged-in user, but my the operating system itself.
Most services aren't stand-alone executables (EXE files), but are implemented in libraries (DLLs), which can be used by running processes. As the name suggests, Svchost or "Service Host" is Windows' standard executable for running these DLLs. You can find svchost.exe file in the %systemroot%\system32 directory.
If you want to know which instance of svchost is executing which service, type
tasklist /svc /fi "IMAGENAME eq svchost.exe"
on a command line console (cmd).
On the machine, where I made the screenshot, one of the instances of svchost is running 21 different services, for example. This grouping of services allows for better control and easier debugging, according to Microsoft's documentation.
Svchost.exe groups are identified in the following registry key:
A tip (if you run Windows Vista, Windows 7 or Windows Server 2008): you can open the Task Manager and right-click on a particular svchost.exe process, and then choose the "Go to Service" option. This will show the Services tab, where all services running under the selected svchost.exe process will be marked.
There is a very interesting document in Microsoft's Download Center:
This document contains summaries all
of the services available for the
Windows Server 2003 family of
operating systems. The services are
listed in alphabetical order by
display name. Following a description
of each service, a table lists key
information about the service.
Every Windows service is listed with all its details. You learn, for example, that the executable file name of the Terminal Services service is
Svchost is short for "Service Host". It keeps most of the Services on your machine running. There will be a few Services that host themselves in their own .exe file, but most of Windows' Services need to be hosted inside a svchost.exe process. The Services on your machine handle important stuff like networking, RpC server, audio, event log etc.
Type "services.msc" in Start->Run to view the Services you have running on your machine. If you deem anyone unneccecary you can stop the service.
Type "tasklist /SVC" to see which services are hosted by the different svchost.exe files.
Here is a PowerShell one-liner that outputs all services hosted in svchost.exe processes:
PS>get-process svchost | % {get-wmiobject win32_service -filter "processid=$($_.id)"} | format-table processid,name,displayname,state,status -auto
processid name displayname state status
--------- ---- ----------- ----- ------
316 HTTPFilter HTTP SSL Running OK
1328 DcomLaunch DCOM Server Process Launcher Running OK
1328 TermService Terminal Services Running OK
1392 RpcSs Remote Procedure Call (RPC) Running OK
1528 AudioSrv Windows Audio Running OK
1528 BITS Background Intelligent Transfer Service Running OK
1528 Browser Computer Browser Running OK
Many executing components of Windows are implemented as services (see all services on your machine opening
Control Panel > Administrative Tools > Services). These are specialized programs running in the background. They are not started by the logged-in user, but my the operating system itself.Most services aren't stand-alone executables (EXE files), but are implemented in libraries (DLLs), which can be used by running processes. As the name suggests, Svchost or "Service Host" is Windows' standard executable for running these DLLs. You can find svchost.exe file in the
%systemroot%\system32directory.If you want to know which instance of svchost is executing which service, type
on a command line console (cmd).
On the machine, where I made the screenshot, one of the instances of svchost is running 21 different services, for example. This grouping of services allows for better control and easier debugging, according to Microsoft's documentation.
Svchost.exe groups are identified in the following registry key:
A tip (if you run Windows Vista, Windows 7 or Windows Server 2008): you can open the Task Manager and right-click on a particular svchost.exe process, and then choose the "Go to Service" option. This will show the Services tab, where all services running under the selected
svchost.exeprocess will be marked.There is a very interesting document in Microsoft's Download Center:
Microsoft Windows Server 2003 System Services Reference
Every Windows service is listed with all its details. You learn, for example, that the executable file name of the Terminal Services service is
svchost, hosts services in Windows See KB. If you use Process Explorer you can see which services are being ran inside a particular process.
Svchost is short for "Service Host". It keeps most of the Services on your machine running. There will be a few Services that host themselves in their own .exe file, but most of Windows' Services need to be hosted inside a svchost.exe process. The Services on your machine handle important stuff like networking, RpC server, audio, event log etc.
Type "services.msc" in Start->Run to view the Services you have running on your machine. If you deem anyone unneccecary you can stop the service.
Type "tasklist /SVC" to see which services are hosted by the different svchost.exe files.
Here is a PowerShell one-liner that outputs all services hosted in svchost.exe processes:
Shorter version of an one-liner looks like this:
This article might help: http://www.gfi.com/blog/exploring-svchostexe-part-1/