Posted by Forrest on 2001-9-5 14:20:41 on the Green Alliance Technology Forum (bbs.nsfocus.com)
Svchost.exe
Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The Svchost.exe file is located
in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to build the list of services
it needs to load. As a result, multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session contains a group of services,
so which services run separately depends on how and where Svchost.exe is started. This makes control and troubleshooting easier.
Svchost.exe groups are identified by the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
Each value under this key represents a separate Svchost group, and it appears as a separate instance when you look at the
active processes. Each value is of type REG_MULTI_SZ and lists the services that run within that Svchost group. Each Svchost group contains one
or more service names taken from the following registry key, where the service's Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service
More information
To see the services running in each Svchost list:
Start - Run - type cmd
Then type tlist -s (TLIST should be a tool in the Win2K toolbox).
TLIST shows a list of active processes. The -s switch displays the list of active services in each process. To see more information about
a process, type tlist pid.
In the following output, TLIST shows two instances of Svchost.exe running.
   0 System Process
   8 System
 132 SMSS.exe
 160 CSRSS.EXE       Title:
 180 Winlogon.exe    Title: NetDDE Agent
 208 Services.exe    Svcs:  Appmgmt, Browser, DHCP, DMSERVER, DNSCACHE, EventLog, Lanmanserver, Lanmanworkstation, Lmhosts, Messenger, Plugplay, ProtectedStorage, Seclogon, Trkwks, W32Time, WMI
 220 lsass.exe       Svcs:  Netlogon, PolicyAgent, Samss
 404 SVCHOST.EXE     Svcs:  RPCSS
 452 Spoolsv.exe     Svcs:  Spooler
 544 CISVC.EXE       Svcs:  CISVC
 556 Svchost.exe     Svcs:  Eventsystem, Netman, NTMSSVC, Rasman, Sens, Tapisrv
 580 Regsvc.exe      Svcs:  RemoteRegistry
 596 MStask.exe      Svcs:  Schedule
 660 SNMP.EXE        Svcs:  SNMP
 728 Winmgmt.exe     Svcs:  WinMgmt
 852 Cidaemon.exe    Title: OLEMAINTHREADWNDNAME
 812 Explorer.exe    Title: Program Manager
1032 Osa.exe         Title: Reminder
1300 cmd.exe         Title: D:\winnt5\system32\cmd.exe - tlist -s
1080 Mapisp32.exe    Title: WMS IDLE
1264 Rundll32.exe    Title:
1000 mmc.exe         Title: Device Manager
1144 TLIST.EXE
In this example, the registry defines two groups:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost:
Netsvcs: REG_MULTI_SZ: Eventsystem IAS IPRIP Irmon Netman NWSAPAGENT RASAUTO RASMAN RemoteAccess Sens SharedAccess Tapisrv NTMSSVC
RPCSS: REG_MULTI_SZ: RPCSS
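An added example (not part of the original post): it parses tlist -s output and reconciles each svchost.exe instance with the groups defined under the Svchost registry key, flagging hosted services that no group lists. The sample text, PID 900 and the service name UpdHelper are constructed for illustration.

```python
import re

# Constructed sample modeled on the tlist -s listing above; PID 900 and the
# service name UpdHelper are hypothetical, added to show a mismatch.
TLIST_OUTPUT = """\
 208 services.exe    Svcs:  Browser, Dhcp, Eventlog
 404 svchost.exe     Svcs:  RpcSs
 556 svchost.exe     Svcs:  Eventsystem, Netman, NtmsSvc, Rasman, Sens, Tapisrv
 900 svchost.exe     Svcs:  Netman, UpdHelper
 812 explorer.exe    Title: Program Manager
"""

# Constructed copy of the two REG_MULTI_SZ values under the Svchost key.
SVCHOST_GROUPS = {
    "netsvcs": ["Eventsystem", "Ias", "Iprip", "Irmon", "Netman", "NwSapAgent",
                "Rasauto", "Rasman", "RemoteAccess", "Sens", "SharedAccess",
                "Tapisrv", "NtmsSvc"],
    "rpcss": ["RpcSs"],
}

LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+Svcs:\s*(.+)$", re.IGNORECASE)


def parse_svchost_instances(tlist_text):
    """Return {pid: [service, ...]} for each svchost.exe line that lists Svcs."""
    instances = {}
    for line in tlist_text.splitlines():
        m = LINE.match(line)
        if m and m.group(2).lower() == "svchost.exe":
            names = [s.strip() for s in m.group(3).split(",") if s.strip()]
            instances[int(m.group(1))] = names
    return instances


def reconcile(instances, groups):
    """Map each instance to its registry group(s); list services in no group."""
    owner = {svc.lower(): g for g, svcs in groups.items() for svc in svcs}
    report = {}
    for pid, services in instances.items():
        hit = sorted({owner[s.lower()] for s in services if s.lower() in owner})
        unknown = [s for s in services if s.lower() not in owner]
        report[pid] = {"groups": hit, "unregistered": unknown}
    return report


if __name__ == "__main__":
    for pid, r in reconcile(parse_svchost_instances(TLIST_OUTPUT), SVCHOST_GROUPS).items():
        flag = "REVIEW" if r["unregistered"] or len(r["groups"]) != 1 else "ok"
        print(pid, r["groups"], r["unregistered"], flag)
```

An instance is worth a closer look when it hosts a service that no group value lists, or when its services span more than one group.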
SMSS.exe
CSRSS.EXE
This is the user-mode part of the Win32 subsystem. CSRSS stands for client/server run-time subsystem and is an essential subsystem
that must always be running. CSRSS is responsible for controlling windows, creating or deleting threads, and parts of the 16-bit virtual MS-DOS environment.
Explorer.exe
This is the user's shell (I really don't know how to translate "shell"), which we see as the taskbar, desktop, and so on. This
process is not as critical as you might expect; you can stop it or restart it from the task manager.
Doing so usually has no negative impact on the system.
INTERNAT.EXE
This process can be turned off from the task manager.
INTERNAT.EXE starts running at startup. It loads the different input locales specified by the user. The input locales are loaded from the registry
location HKEY_USERS\.DEFAULT\Keyboard Layout\Preload.
INTERNAT.EXE loads the "En" icon into the system tray, allowing users to switch easily between input locales.
When the process is stopped, the icon disappears, but the input locale can still be changed through the control panel.
LSASS.EXE
This process cannot be turned off from the task manager.
This is the local security authentication service, and it generates the process that authenticates users for the Winlogon service. This
authentication is performed by an authentication package, such as the default msgina.dll. If authentication succeeds, LSASS generates the user's access
token, which is used to launch the initial shell. Other processes started by the user inherit this token.
Mstask.exe
This process cannot be turned off from the task manager.
This is the task scheduling service, responsible for running tasks at a time set in advance.
SMSS.exe
This process cannot be turned off from the task manager.
This is the session management subsystem, responsible for starting the user session. This process is initialized by the system process and is responsible for many activities,
including starting Winlogon and the Win32 subsystem (CSRSS.exe) and setting system variables. After starting these
processes, it waits for Winlogon or CSRSS to end. If they end normally, the system shuts down. If something
unexpected happens, smss.exe causes the system to stop responding (that is, hang).
Spoolsv.exe
This process cannot be turned off from the task manager.
The spooler service manages the print and fax jobs in the spool (buffer pool).
Services.exe
This process cannot be turned off from the task manager.
Most system kernel-mode threads run as the System process.
System idle process
This process cannot be turned off from the task manager.
This process runs as a single thread on each processor and takes up processor time when the system is not handling other threads.
Taskmgr.exe
This process can be turned off in the task manager.
This process is the task manager.
Winlogon.exe
This process manages user logon and logoff. Winlogon is activated when the user presses Ctrl+Alt+Del, at which point the security dialog box is displayed.
Winmgmt.exe
Winmgmt is the core component of Win2000 client management. This process initializes when a client application connects or when a management application requests its services.