In this edition of the Windows Desktop Report, Greg Shultz shows you how to use Svchost Viewer to track down detailed information about any Svchost.exe process running in Windows 7.
Back in November of last year in my blog post titled "Identify and Get Detailed Information about Processes in Windows 7," I showed you how to use Windows Task Manager to track down detailed information about any process running in Windows 7. As I did, I mentioned that if the process you are interested in learning more about is listed as Svchost.exe, you can use the Tasklist command-line tool to learn which services are running in a Svchost.exe process by opening a Command Prompt and using the command
Tasklist /svc /fo list
When you do, you'll see a list of all the currently running processes and can scroll through the list, find the Svchost.exe processes, and see a list of all the services that are running under it.
Of course, a lot of folks mentioned that Process Explorer, by Mark Russinovich and available from Microsoft's Windows SysInternals website, does a great job of providing information on all running processes. However, I recently came across a tool that specializes in just Svchost.exe processes, called Svchost Viewer. While this tool doesn't do anything that Process Explorer isn't capable of, it doesn't muddy the water with an overabundance of features.
Now, don't get me wrong. I am not saying that you shouldn't use Process Explorer. It's just that it is much quicker to identify Svchost.exe processes with Svchost Viewer. In fact, I would recommend that you have both Process Explorer and Svchost Viewer in your toolbox.
This blog post is also available in PDF format in a TechRepublic download.
Getting Svchost Viewer
Once you download Svchost Viewer, you'll discover that the program comes as a stand-alone executable file that is ready to run as soon as you extract it from the Zip file — there's no installation procedure. An added benefit here is that you can put Svchost Viewer on a USB flash drive and easily run it on any computer. And best of all, Svchost Viewer is an open-source application, so there is no initial cost.
While I will be showing you how Svchost Viewer works in Windows 7, note that it also runs fine in Windows XP and Windows Vista. (Keep in mind that Svchost Viewer requires that you have Microsoft .NET Framework installed — 2.0 or higher.)
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday.
Using Svchost ViewerWhen you launch Svchost Viewer, it will take a few moments to scan your system and compile a list of all the Svchost.exe processes that it finds. Once that is complete, you will find that all the Svchost.exe processes appear in a tree structure on the left side of the user interface, as shown in Figure A. Underneath each Svchost.exe process, you'll see all the services that are running under it. On the right side is a panel that will display all kinds of detailed information for the selected item.
Svchost Viewer uses a tree structure to list all the Svchost.exe processes it finds on your system.
At the bottom, you can find totals. As you can see on my example system, there are 13 Svchost.exe processes running 60 services.If you focus in on the Svchost Information panel on the right, as shown in Figure B, you can find information about the Svchost.exe process itself. For example, you can see its PID (Process Identifier) number, which, as you may remember, can be used to specifically identify each Svchost.exe process on Windows Task Manager's Services tab. You'll also see how much memory Svchost.exe process is using as well as the amount of data that has recently been written and read.
In the Svchost Information panel, you can find information about the Svchost.exe process itself.If you select any of the services in the tree, the Service Information panel on the right will become populated, as shown in Figure C. As you can see, this panel shows the service's name, its Start mode, its Status, as well as the service'sability to be paused or stopped. The Description specifically identifies the service.
When you select a service running under a Svchost process, you'll be able to find very detailed information about that particular service.In order to perform more advanced operations, just click the Service Control menu on the menu bar, as shown in Figure D. When you do, you'll be prompted to respond to a UAC. Once Svchost Viewer is running in Administrator mode, you can pull down the Tools menu, as shown in Figure E, and launch Windows' native Services tool, where you can perform a wide range of service-related operations, such as stopping a service or changing its Start mode.
Clicking the Service Control menu on the menu bar prompts you to respond to a UAC.
Once Svchost Viewer is running in Administrator mode, you can launch Windows' native Services tool.
You can also have Svchost Viewer create a report that will list all the Svchost.exe processes and the accompanying services.
What's your take?
Have you used Windows Task Manager's features to track down details of running processes? Do you think that a tool like Svchost Viewer would be more useful? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.