Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, September 21, 2017 9:19 PM
Hello:
On a Windows 10 box, I need to figure out the PID of a service running. The problem is the service is runs in svchost (C:\Windows\system32\svchost.exe -k appmodel). My PSList returns 15 svchost entries. How do I know which of the 15 entries corresponds to the service I'm interested in?
Thanks!
All replies (13)
Tuesday, September 26, 2017 2:03 AM âś…Answered | 3 votes
Hello,
You should be able to see individual services running in each Svchost.
Open an elevated CMD prompt
Run tasklist /svc /fo csv >tasks.csv
This will output to the list of task to a CSV file which you can open in Excel
There should be three columns
- the Process (svchost)
- The Pid for that process
- What services are running in this svchost process
Thanks, Darrell Gorter [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
Friday, September 22, 2017 3:00 AM
Hi,
You can try to get PID using the command prompt.
1.Run the command prompt.
2.Execute the tasklist command.
3.The list of active processes and their identificators (PID) will appear.
4.You can get the information about the tasklist command by entering tasklist/? in the command prompt.
In addition, you can also try Process Explorer tools.
Process Explorer v16.21
/en-us/sysinternals/downloads/process-explorer
Best Regards,
Tao
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, September 22, 2017 4:14 PM
From what I can see, tasklist only lists the executables for the service. Like I mentioned in the OP, I'm still seeing 15 svchost.exe entries.
What I need to determine, is which svchost.exe of the many svchost.exe(s) running, is wrapping appmodel?
Thanks!
Friday, September 22, 2017 8:19 PM
when you are running Windows 10 version 1703, and your system has more then 3.5Gb, there should be only one service per svchost.
on older versions you can look in task manager on the services tab: there is a PID column.
Monday, September 25, 2017 5:34 PM
That reply doesn't address the original question at all.
I'm running version 1607... nothing I can do about that; it's a corporate image.
> on older versions you can look in task manager
> on the services tab: there is a PID column.
As I wrote in the original post, I'm NOT looking for the PID of svchost.exe itself. I'm looking for the PID of the svchost.exe which is wrapping another exe. There are a dozen things which svchost runs but in the task manager, only svchost.exe is displayed -- I don't want to work with "all" the svchosts... just the one which is running a specific exe I'm interested in.
Monday, September 25, 2017 5:54 PM
in your original post you did not mention that you are running an old version.
> I'm looking for the PID of the svchost.exe which is wrapping another exe.
i have never seen "svchost wrapping another exe", so can't help you.
Monday, September 25, 2017 6:31 PM | 1 vote
Have a look at Process Explorer as mentioned by Tony_Tao above. That does show the command line of the process so does show svchost.exe -k appmodel.
Need to open Process Explorer as admin to populate the command line under properties (does show them in the tooltip if not). See if that shows what you want to see.
Monday, September 25, 2017 6:51 PM | 1 vote
Hi mgoblue0970.
Download and run Process Explorer: hover the mouse on each svchost.exe instance and a tooltip will show the list of the processes/services hosted within.
The "PID" column indicates the PID for the svchost.exe instance hosting the process/service you're interested in.
Bye.
Luigi Bruno
MCP, MCTS, MOS, MTA
Tuesday, September 26, 2017 2:50 PM
> i have never seen "svchost wrapping another exe"
Really? You've never seen that? For example, how about you go to services.msc -> right click on State Repository Service -> in the General tab, look for the "Path to executable" field.
What does it say underneath?
Here, I'll help you out: it says "C:\Windows\system32\svchost.exe -k appmodel"
So, when that service runs, you see svchost.exe in Task Manager and not "appmodel". And that has NOTHING to do with old or new versions of Windows as you say.
Tuesday, September 26, 2017 2:52 PM
Thanks @-Mr Happy- and @ Luigi Bruno!!!!
Tuesday, September 26, 2017 2:56 PM
Yep. Exactly what I was looking for. Thanks for doing this in the command line as well... now I can run this through a for loop, search for the string I need, get the PID as an argument and kill it with taskkill %i
Tuesday, September 26, 2017 3:11 PM
@moblue970: "C:\Windows\system32\svchost.exe -k appmodel"
there is only one exe: svchost.exe.
the service is "%SystemRoot%\system32\windows.staterepository.dll"
so I still fail to see "svchost wrapping another exe".
But lest keep it at that: you obviously have a better understanding of Windows services than me.
Tuesday, September 26, 2017 5:20 PM
Thanks @-Mr Happy- and @ Luigi Bruno!!!!
You're welcome.
Bye.
Luigi Bruno
MCP, MCTS, MOS, MTA