Sunday, June 3, 2007

SVCHOST.EXE takes 100% CPU resource

Source: How to determine what services are running under a SVCHOST.EXE process
Address : <http://www.bleepingcomputer.com/tutorials/tutorial129.html>



Determining the services running under a SVCHOST.EXE process using Task List

For those who like to tinker around in a Windows command prompt/console window, and have Windows XP Pro or Windows 2003, there is a Windows program called tasklist.exe that can be used to list the running processes, and services, on your computer. To use task list to see the services that a particular SVCHOST.EXE process is loading, just follow these steps:

1. Click on the Start button and then click on the Run menu command.

2. In the Open: field type cmd and press enter.

3. You will now be presented with a console window. At the command prompt type tasklist /svc /fi "imagename eq svchost.exe" and press the enter key. You will see a list of the processes on your computer as well as the services that a SVCHOST.EXE process is managing. This can be seen in the image below.

TaskList /svc output

When you are done examining the output, you can type exit and press the enter key to close the console window.
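The following added example (not part of the quoted tutorial) parses the output of the same command and looks up which services sit inside the svchost.exe whose PID Task Manager shows as busy. It assumes the output was produced with tasklist's `/fo csv` option appended to the command above; the sample rows, PIDs and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of:
#   tasklist /svc /fi "imagename eq svchost.exe" /fo csv
# PIDs and service groupings are illustrative, not taken from the page.
SAMPLE = '''"Image Name","PID","Services"
"svchost.exe","860","DcomLaunch,TermService"
"svchost.exe","936","RpcSs"
"svchost.exe","1032","AudioSrv,BITS,Dhcp,wuauserv"
"svchost.exe","1580","N/A"
'''

def parse_tasklist_svc(text):
    """Map each PID to the list of services hosted in that process."""
    rows = csv.reader(io.StringIO(text))
    next(rows, None)  # skip the header row (its wording is localized)
    by_pid = {}
    for row in rows:
        if len(row) < 3:
            continue  # blank or malformed line
        raw = row[2].strip()
        # tasklist prints N/A when a process hosts no services.
        if raw.upper() == "N/A":
            services = []
        else:
            services = [s.strip() for s in raw.split(",") if s.strip()]
        by_pid[int(row[1])] = services
    return by_pid

def services_for_pid(text, pid):
    """Services inside the svchost.exe with the given (busy) PID."""
    table = parse_tasklist_svc(text)
    if pid not in table:
        raise KeyError(f"PID {pid} is not in the tasklist output")
    return table[pid]

def pids_without_services(text):
    """svchost.exe PIDs that host no services at all."""
    table = parse_tasklist_svc(text)
    return sorted(pid for pid, svcs in table.items() if not svcs)

if __name__ == "__main__":
    for pid, svcs in sorted(parse_tasklist_svc(SAMPLE).items()):
        print(pid, ", ".join(svcs) or "(no services)")
```

On a live system, redirect the command's output to a file and pass its contents in place of `SAMPLE`.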



Or install another Windows monitoring program
Source: Process Explorer for Windows v10.21
Address : <http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx>

Process Explorer for Windows v10.21

By Mark Russinovich

Published: November 1, 2006

Introduction

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 and IA64 processors, and Windows Vista.

Process Explorer Screenshot

Related Items

Here are some other handle and DLL viewing tools and information available at Sysinternals:

TechNet On-Demand Webcast: Advanced Malware Cleaning - Learn from Mark how to use the Sysinternals tools to identify malware infestations, from standard spyware to kernel-mode rootkits, and clean them off your systems.

Handle - a command-line handle viewer

ListDLLs - a command-line DLL viewer

PsList - local/remote command-line process lister

PsKill - local/remote command-line process killer

Microsoft Process Explorer KB Articles

The following Microsoft KB articles reference Process Explorer for diagnosing or troubleshooting various problems:

319034: FIX: Thread Handle Leak in PrintReport Method of Data Report

232830: HOWTO: Determine File Handle Ownership

242131: How to: Display a List of Processes That Have Files Open

216368: PRB: Access Violation During Application Setup When File in Use

166112: PRB: Conflict with EOF When Using #import with ADO

301357: PRB: DLLs Not Unloaded After Calling CoFreeUnusedLibraries

816683: Process Explorer from SysInternals Does Not Start

247957: SAMPLE: Using DUPS.exe to Resolve DLL Compatibility Problems

313735: XCON: The MTA Process Is Leaking Memory with a High Handle Count

276525: Your Computer May Stop Responding When You Monitor Open Handles

Download Process Explorer (1.5 MB)



