Monday, October 27, 2008

what is svchost.exe?


Introduction:-
Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs) in windows system.
During startup system create multiple instances of svchost.exe with each instance having some specific process that is defined in registry.
NOTE:- That's why you see many program named svchost.exe in task manager.

Q) where is it present?
Ans) it is present in the windir/system32 directory. As it is difficult for us to see which services are running in background or are contained by svchost.exe therefore there is a command to see all the process inside it.

tasklist /svc /fi "imagename eq svchost.exe"

here,
  • tasklist: it is used to display the program under task manager
    arguments:-
    • svc: this argument is used to see services running behind the process.
    • fi: this argument indicate which of the program you want to select. with the name inside the double quote and also "imagename eq" ahead to file name.

Q) How To change Process in svchost?
Ans) The information of process to be start at startup is stored at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost.
now u can change the process to be run at startup from there.
NOTE:-
  1. Change registry at your own risk.
  2. kill a process using command prompt:-
    • press start.
    • then go to run.
    • type there cmd and hit enter
    • then type taskkill /IM "process name"
    • hit enter.
For more detail go here

3 comments:

Do not write Spam comment