Svchost.exe COM+ Event System (EventSystem)

SUMMARY

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

MORE INFORMATION

To view the list of services that are running in Svchost:

1. From the Windows 2000 installation CD's Support\Tools folder, extract the Tlist.exe utility from the Support.cab file.
2. On the Start menu, click Run, and then type cmd.
3. Change folder to the location from which you extracted the Tlist.exe utility.
4. Type tlist -s.

Tlist.exe displays a list of active processes. The -s switch shows the list of active services in each process. For more information about the process, type tlist pid.

The following sample Tlist output shows two instances of Svchost.exe running:

0 System Process
8 System
132 smss.exe
160 csrss.exe Title:
180 winlogon.exe Title: NetDDE Agent
208 services.exe Svcs: AppMgmt,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,LanmanWorkstation,LmHosts,Messenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,W32Time,Wmi
220 lsass.exe Svcs: Netlogon,PolicyAgent,SamSs
404 svchost.exe Svcs: RpcSs
452 spoolsv.exe Svcs: Spooler
544 cisvc.exe Svcs: cisvc
556 svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
580 regsvc.exe Svcs: RemoteRegistry
596 mstask.exe Svcs: Schedule
660 snmp.exe Svcs: SNMP
728 winmgmt.exe Svcs: WinMgmt
852 cidaemon.exe Title: OleMainThreadWndName
812 explorer.exe Title: Program Manager
1032 OSA.EXE Title: Reminder
1300 cmd.exe Title: D:\WINNT5\System32\cmd.exe - tlist -s
1080 MAPISP32.EXE Title: WMS Idle
1264 rundll32.exe Title:
1000 mmc.exe Title: Device Manager
1144 tlist.exe

The registry settings for the two groupings for this example are as follows:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
rpcss: Reg_Multi_SZ: RpcSs
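The group-to-service-to-DLL mapping described in the post can be read straight from the two registry keys it names. The PowerShell below is an added example, not part of the original article or any Microsoft tool; it assumes PowerShell 3.0 or later with read access to HKLM, and the InSystem32 and Status columns are names chosen for this example.

```powershell
# Added example: list each Svchost group, the services registered in it,
# and the DLL each service loads from its Parameters\ServiceDll value.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32    = (Join-Path $env:SystemRoot 'System32') + '\'

$groups = Get-Item -LiteralPath $svchostKey
$report = foreach ($group in $groups.GetValueNames()) {
    # Each REG_MULTI_SZ value under the Svchost key is one service group.
    if ($groups.GetValueKind($group) -ne [Microsoft.Win32.RegistryValueKind]::MultiString) { continue }

    foreach ($service in $groups.GetValue($group)) {
        if ([string]::IsNullOrWhiteSpace($service)) { continue }

        $serviceKey = Join-Path $servicesKey $service
        $paramKey   = Join-Path $serviceKey 'Parameters'
        $dll        = $null
        $status     = 'ListedButNotInstalled'   # group entry with no Services\<name> key

        if (Test-Path -LiteralPath $serviceKey) {
            $status = 'NoServiceDll'
            # Get-ItemProperty expands REG_EXPAND_SZ data such as %SystemRoot%.
            $params = Get-ItemProperty -LiteralPath $paramKey -Name 'ServiceDll' -ErrorAction SilentlyContinue
            if ($params -and $params.ServiceDll) {
                $dll    = $params.ServiceDll
                $status = if (Test-Path -LiteralPath $dll -PathType Leaf) { 'Ok' } else { 'DllMissing' }
            }
        }

        [pscustomobject]@{
            Group      = $group
            Service    = $service
            ServiceDll = $dll
            InSystem32 = [bool]($dll -and $dll.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase))
            Status     = $status
        }
    }
}

$report | Sort-Object Group, Service | Format-Table -AutoSize
```

A group can list more services than are installed or running, as the netsvcs value above does compared with the Tlist output for PID 556. A ServiceDll path outside System32 is a prompt to review that service, not a verdict on it.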