Svchost.exe

From Wikipedia, the free encyclopedia

In the Windows NT family of operating systems, Svchost.exe is the name of a process and its associated image for hosting services. These services are contained within dynamically-linked libraries (DLLs). Information about services is stored in the Services registry key (HKLM\SYSTEM\CurrentControlSet\Services). If a service key's ImagePath setting refers to svchost.exe, the service is to be hosted by this generic process. The DLL loaded by svchost.exe is referenced by the value of 'ServiceDll' in the 'Parameters' key within that service's registry key.

End users in Windows XP Professional (and derivatives, such as Windows Server 2003 and Windows XP Media Center Edition) can run the following command at the system prompt to get a breakdown:

tasklist /svc /fi "imagename eq svchost.exe"

(NB: This command does not work in Windows XP Home.)

As the Service Control Manager (services.exe) loads services following Windows startup, it loads several svchost.exe instances. Each instance hosts one or more services associated with that instance by the "-k <service_group>" parameter included in the ImagePath setting in the service's registry key. The svchost.exe process itself identifies the services it hosts by checking the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost subkeys.

Grouping multiple services into a single process conserves computing resources. However, if one of the services causes an unhandled exception, the entire process will be crashed. In addition, identifying component services can be more difficult for end users. In Windows NT 5.1 (XP) and later editions, the tasklist command with the /svc switch includes a list of component services in each process. In Windows 6.0 (Vista) and later, a "Services" tab in Windows Task Manager includes a list of services and their groups and Process IDs (PIDs). Microsoft's Sysinternals Process Explorer also provides information about services running under svchost.exe processes.

Because it is a common system process, malware often uses a process name of svchost.exe to disguise itself. Determining the image path of a process and its invoking command line can help identify software masquerading in this way. The svchost.exe file included in Windows is located in the %SystemRoot%\System32 folder.

The 30 April, 2007 release of Windows Server Update Services 3.0 led to reports of svchost.exe issues, including 100% CPU usage, memory hogging, and excessive laptop fan/power usage.^[1]

[edit] See also

• List of Microsoft Windows components
• Windows NT Startup Process

[edit] References

[edit] External links

• Microsoft Support Page on svchost.exe
• Svchost Process Analyzer (Freeware)

v • d • e Windows components Core Aero · AutoRun · ClearType · Desktop Window Manager · DirectX · Explorer · Taskbar · Start menu · Shell (namespace · Special Folders · File associations) · Search (Saved search · iFilter) · Graphics Device Interface · Imaging Format · .NET Framework · Server Message Block  · XML Paper Specification · Active Scripting (WSH · VBScript · JScript) · COM (OLE · OLE Automation · DCOM · ActiveX · ActiveX Document · Structured storage · Transaction Server) · Previous Versions · Win32 console Management tools Backup and Restore Center · command.com · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Driver Verifier · Event Viewer · Management Console · Netsh · Problem Reports and Solutions · Sysprep · System Policy Editor · System Configuration · Task Manager · System File Checker · System Restore · WMI · Windows Installer · PowerShell · Windows Update · WAIK · WinSAT · Windows Easy Transfer Applications Calculator · Calendar · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Mail · Magnifier · Media Center · Media Player · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · Private Character Editor · Remote Assistance · Sidebar · Snipping Tool · Sound Recorder · Speech Recognition · WordPad Games Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Purble Place · Solitaire · Spider Solitaire  · Tinker Kernel Ntoskrnl.exe · hal.dll · System Idle Process · Svchost.exe · Registry · Windows service · Service Control Manager · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection Services BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Error Reporting · Multimedia Class Scheduler · CLFS File systems NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · FAT32·FAT16·FAT12 · exFAT · CDFS · UDF · DFS · IFS Server Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Windows SharePoint Services · Network Access Protection · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · System Resource Manager · Hyper-V Architecture NT series architecture · Object Manager · Startup process (Vista) · I/O request packets · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows Resource Protection · LSASS · CSRSS · SMSS · MinWin Security User Account Control · BitLocker · Defender · Data Execution Prevention · Security Essentials · Protected Media Path · Mandatory Integrity Control · User Interface Privilege Isolation · Windows Firewall · Security Center Compatibility Unix subsystem (Microsoft POSIX  · Interix) · Virtual DOS machine · Windows on Windows · WOW64 · Windows XP Mode