ittrainingday.com Web analytics

Thursday, 14 February 2013

What is svchost.exe?

   In the Windows Operating Systems, svchost.exe is a system process that usually hosts multiple services. Svchost executable runs multiple instances and each one will host a different Windows service. This technique is used to reduce the computer's resource utilization, because several services can be hosted using only one instance of the svchost.exe (these services must be set in the shared mode). The svchost location is  \System32\Svchost.exe:
svchost

You have probably seen svchost.exe when using task manager running in the Processes tab:
svchost process

   I've selected task manager to show you how to view the command line that runs behind a process. To achieve this press View, go to Select Columns and mark the Command Line field. The role of the svchost process is to host services from DLLs. You probably know by now that DLL files are nothing like executables because they need an external process to execute them, this is why svchost is used to run DLLs as services. You can view services that run under a svchost.exe process by:
   - right click the svchost process and press Go to service(s):
svchost process

Services that run under this instance will be automatically selected:
svchost process

    - another way to view these services is by opening a command prompt and typing tasklist /svc:
tasklist /svc command

You will see each svchost.exe instance (different PIDs) and the services than run behind them. I've found out a good explanation on how svchost.exe is implemented, on Wikipedia:
   "Services run in SvcHost are implemented as dynamically-linked libraries (DLLs). Such service's registry key must have a value named ServiceDll under the Parameters subkey, pointing to the respective service's DLL file. Their ImagePath definition is of the form %SystemRoot%\System32\svchost.exe -k netsvcs: all the services sharing the same SvcHost process specify the same parameter, having a single entry in the SCM's database. The first time that a SvcHost process is launched with a specific parameter, it looks for a value of the same name under the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost key, which it interprets as a list of service names. Then, it notifies the SCM of all the services that it hosts. SCM doesn't launch a second SvcHost process for any of those received services: instead, it simply sends a "start" command to the respective SvcHost process containing the name of the service that should be launched within its context, and whose respective DLL SvcHost loads."
(http://en.wikipedia.org/wiki/Svchost)
   OK folks, I hope you've made a general ideea of the svchost.exe process and how it works. I wish you all the best and stay tuned for more.
Posted by at 0 comments
Labels: , , , , , , , , ,
Share this post

0 comments

 
© IT training day
Modified by Popescu Dan-Alexandru
Original theme from BTemplates
Proudly powered by Blogger
Posts RSS
Back to top