Tuesday, September 15, 2009

svchost process / svchost.exe: Generic Service Host Process for Win32 Services

Process File: svchost or svchost.exe 
Process Name: Generic Service Host Process for Win32 Services 
Process Type: System Process 
Location: C:\windows\system32\svchost.exe (if your svchost.exe process is not in this directory, be careful)
English Description: svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. Note: svchost. 
English Reference: svchost.exe is part of the Microsoft Windows operating system. Microsoft's official explanation is that Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). This program is very important to your system and cannot be ended.
(Note: svchost.exe could also be the W32.Welchia.Worm virus, which uses the Windows LSASS vulnerability to create a buffer overflow, causing your computer to shut down. For more details refer to: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx. The security recommendation for that process is immediate deletion.)
Produced by: Microsoft Corp.
Belongs to: Microsoft Windows Operating System
System Process: Yes 
Daemon: Yes 
Network-related: Yes 
Common Errors: N/A
Memory Usage: N/A
Security level (0-5): 0 
Spyware: No 
Adware: No 
Virus: No 
Trojan: No 
Found that: 
In the NT-kernel-based Windows operating system family, different versions of Windows run different numbers of "svchost" processes, and the user can see how many there are in Task Manager. In general, Windows 2000 has two svchost processes and Windows XP has four or more (so if you later see more than one of these processes on a system, do not immediately conclude that the system has a virus), while Windows Server 2003 has even more. The svchost processes host many system services, such as the rpcss service (Remote Procedure Call), the dmserver service (Logical Disk Manager), the dhcp service (DHCP Client) and so on. A Windows Vista system can have as many as 12 svchost processes, all with the same file path, C:\Windows\System32\svchost.exe. They are the imgsvc, NetworkServiceNetworkRestricted, LocalServiceNoNetwork, NetworkService, LocalService, netsvcs, LocalSystemNetworkRestricted, LocalServiceNetworkRestricted, services, rpcss, WerSvcGroup and DcomLaunch service groups. If you want to know exactly which system services each svchost process provides, on Windows 2000 you can type the "tlist -s" command in a command prompt window; this command is provided by the Windows 2000 Support Tools. On Windows XP, use the "tasklist /svc" command.
svchost can contain multiple services
In-depth: Windows system processes are divided into two kinds, independent processes and shared processes. The "svchost.exe" file lives in the "%systemroot%\system32" directory and is a shared process. As the number of Windows system services grew, Microsoft made many services shared in order to save system resources, and they are started by the svchost.exe process. But the svchost process acts only as a service host and does not implement any service function itself; that is, it only provides the conditions for other services to be started and offers no service of its own to users. So how are these services implemented?
These system services are implemented as dynamic-link libraries (DLLs). They point their executable program at svchost, and svchost calls the corresponding service's dynamic-link library to start the service. So how does svchost know which dynamic-link library a given system service should call? This is done through parameters that the system service sets in the registry. The rpcss (Remote Procedure Call) service is used below as an example.
The startup parameters show that the service is started by svchost.
Examples 
Taking Windows XP as an example, click "Start" / "Run" and type the "services.msc" command to open the Services dialog box, then open the "Remote Procedure Call" Properties dialog box. You can see that the rpcss service's executable file path is "c:\windows\system32\svchost -k rpcss". This shows that the rpcss service relies on svchost being called with the "rpcss" parameter, while the content of that parameter is stored in the system registry.
In the Run dialog box, type "regedit.exe" and press Enter to open the Registry Editor, then locate the [hkey_local_machine\system\currentcontrolset\services\rpcss] key. Find the value "Imagepath" of type "reg_expand_sz"; its data is "%systemroot%\system32\svchost -k rpcss" (which is the service start command seen in the Services window). In addition, under the "parameters" subkey there is a value named "servicedll", whose data is "%systemroot%\system32\rpcss.dll", where "rpcss.dll" is the dynamic-link library file that the rpcss service uses. By reading the "rpcss" service's registry information, the svchost process can start the service.
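
The same registry lookup can be repeated for every service at once. The PowerShell below is an added example, not part of the original post: it reads each service's ImagePath and Parameters\ServiceDll and flags any host path other than %SystemRoot%\System32\svchost.exe. The Resolve-RegPath helper, the output property names and the check that ServiceDll sits under System32 are assumptions of this example.

```powershell
# Added example: audit every svchost-hosted service straight from the registry.
$sys32    = Join-Path $env:SystemRoot 'System32'
$expected = Join-Path $sys32 'svchost.exe'
$root     = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: expand %SystemRoot%-style variables and strip quotes.
function Resolve-RegPath([string]$Value) {
    [Environment]::ExpandEnvironmentVariables($Value).Trim().Trim('"')
}

$report = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $image = $key.GetValue('ImagePath')
    # Keep only services whose start command has the form "svchost -k <group>".
    if ($image -notmatch '^\s*"?(?<exe>[^"]*?svchost(\.exe)?)"?\s+-k\s+(?<group>\S+)') {
        continue
    }
    $group = $Matches['group']
    $exe   = Resolve-RegPath $Matches['exe']
    if ($exe -notlike '*.exe') { $exe += '.exe' }   # handles the "svchost -k rpcss" form

    # ServiceDll is stored under the service's Parameters subkey.
    $dll = $null
    try {
        $params = $key.OpenSubKey('Parameters')
        if ($params) {
            $raw = $params.GetValue('ServiceDll')
            if ($raw) { $dll = Resolve-RegPath $raw }
            $params.Close()
        }
    } catch { }   # subkey not readable without elevation

    [pscustomobject]@{
        Service       = $key.PSChildName
        Group         = $group
        HostPath      = $exe
        HostPathOk    = ($exe -ieq $expected)
        ServiceDll    = $dll
        DllInSystem32 = ($dll -like "$sys32\*")
    }
}

# Full inventory, then only the entries that deserve a closer look.
$report | Sort-Object Group, Service | Format-Table -AutoSize
$report | Where-Object { -not $_.HostPathOk -or ($_.ServiceDll -and -not $_.DllInSystem32) }
```

A ServiceDll outside System32 is not proof of infection, since third-party services install their DLLs elsewhere; treat it as an entry to review rather than a verdict.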

 
