Some time ago we took a good look at the svchost process and unscrambled its complexities. If you’ve read the article you know that svchost.exe is a generic host process for .dll files, as well as a couple of the methods to figure out which exactly which .dll files are loaded. Since writing that article I’ve found a groovy tool called Svchost Viewer that streamlines the entire process.Just to review, when you open up Task Manager in Windows 7, Vista, or Xp, you’ll see multiple instances of svchost.exe running. Each svchost you see is really just another process that was loaded using svchost as a host. The tricky part is figuring out exactly what each process is that svchost is hosting, and that is where the Viewer comes in handy.
Svchost Viewer is an open source application developed on codexplex.com. When opened it will list every single dynamic link library that svchost.exe is hosting. Along with the name of each service, it will also give you the following details:
- Data activity (amount read/written)
- Start mode (Does it automatically start with Windows?)
- Detailed but brief description
If you ask me, the best part of the app is that it is able to tell you what each process is used for based upon what each description says.
Though it isn’t the best way to go about it, as a bonus you can use Svchost Viewer to stop services dead in their tracks. When doing this a warning will display letting you know that the service might just restart when you reboot Windows and you should really disable it the proper way via services.msc.
Conclusion
Svchost Viewer is a simple and straight forward application to aid in the understanding of svchost.exe’ many tasks. It is open-source and free, so if you are curious to figure out what each and every service is, this is a groovy download work taking for a spin.
Leave a Reply
Leave a Reply
