Is there a site that has Windows "man pages"?

That link doesn't have anything about it either. I just want to know what svchost.exe -k something does... I guess I've been spoiled by BSD. 😛
 
n0cmonkey, ask smilin what it is. He probably knows because he works or worked at Microsoft. All that I know is that the processes are started by this service to run in kernel mode, and all of the processes are started under services.exe, which is linked to the services under:
Control Panel -> Administrative Tools -> Computer Management -> Services.
Click on the service and its dependencies to see what services are started and how.
I know these services have to be signed by Microsoft to be started under svchost.exe, but it has already been hacked by a great number of viruses to start strange services like spyware and rootkits.
You can kill this spyware by deleting it from the registry too, if you know what normal operation looks like in the Windows Task Manager. After this you can restart and delete the file of the virus itself.
 
Originally posted by: xtknight
http://www.google.com/search?hl=en&lr=&q=svchost+%22-k%22&btnG=Search

Probably just starts a set of kernel services. It is undocumented, just like many of the Windows NT APIs. Is there a reason for concern (trying to slim down your services list)? tasklist /svc lists currently running services (and tells you which PID of svchost is responsible for which services).

Not to be rude, but don't you think I tried a basic google search? 😉

I'm not trying to do anything, except find out exactly what svchost.exe does. A good online source of Microsoft documentation wouldn't be bad either, but it definitely isn't their site. 😉

It's not even that big of a deal now, just principle. 😛
 
From "Windows Internals", 4th Ed. Chapter 4:

Running every service in its own process instead of having services share a process whenever possible wastes system resources. However, sharing processes means that if any of the services in the process has a bug that causes the process to exit, all the services in that process terminate.

Of the Windows built-in services, some run in their own process and some share a process with other services. For example, the SCM process hosts the Event Log service and the usermode Plug and Play service, and the LSASS process contains security-related services--such as the Security Accounts Manager (SamSs) service, the Net Logon (Netlogon) service, and the IPSec Policy Agent (PolicyAgent) service.

There is also a "generic" process named Service Host (SvcHost - \Windows\System32\Svchost.exe) to contain multiple services. Multiple instances of SvcHost can be running in different processes. Services that run in SvcHost processes include Telephony (TapiSrv), Remote Procedure Call (RpcSs) and Remote Access Connection Manager (RasMan). Windows implements services that run in SvcHost as DLLs and includes an ImagePath definition in the form "%SystemRoot%\System32\svchost.exe -k netsvcs" in the service's registry key. The service's registry key must also have a registry value named ServiceDll under a Parameters subkey that points to the service's DLL file.

All services that share a common SvcHost process specify the same parameter ("-k netsvcs" in the example in the preceding paragraph) so that they have a single entry in the SCM's image database. When the SCM encounters the first service that has a SvcHost ImagePath with a particular parameter during service startup, it creates a new image database entry and launches a SvcHost process with the parameter. The new SvcHost process takes the parameter and looks for a value having the same name as the parameter under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost. SvcHost reads the contents of the value, interpreting it as a list of service names, and notifies the SCM that it's hosting those services when SvcHost registers with the SCM.

When the SCM encounters a SvcHost service during system startup with an ImagePath matching an entry it already has in the image database, it doesn't launch a second process but instead just sends a start command for the service to the SvcHost it already started for that ImagePath value. The existing SvcHost process reads the ServiceDll parameter in the service's registry key and loads the DLL into its process to start the service.

Does that help? (Everyone should have a copy of this book if they are at all interested in how Windows works.)
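
The lookup described in the passage quoted above, as an added example that is not part of the original thread or of the book: a read-only PowerShell script that resolves each "-k" group to its member services and their ServiceDll. The two review columns (a service missing from its group's list, a DLL outside System32) and the signature column are assumptions of this example, not rules stated in the thread; run it from an elevated session.

```powershell
# Added example (read-only): resolve each "svchost.exe -k <group>" to its services.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32    = Join-Path $env:SystemRoot 'System32'

# Group name -> service names, from the multi-string values under the SvcHost key.
$groups = @{}
$key = Get-Item -Path $svchostKey
foreach ($name in $key.GetValueNames()) {
    if ($key.GetValueKind($name) -eq [Microsoft.Win32.RegistryValueKind]::MultiString) {
        $groups[$name] = @($key.GetValue($name))
    }
}

$report = foreach ($svc in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $imagePath = [string]$svc.GetValue('ImagePath')
    # Only services whose ImagePath has the form "...\svchost.exe -k <group>".
    if ($imagePath -match 'svchost\.exe"?\s+-k\s+(\S+)') {
        $group = $Matches[1]

        # ServiceDll sits under the service's Parameters subkey; GetValue expands %SystemRoot%.
        $dll = $null; $params = $null
        $params = $svc.OpenSubKey('Parameters')
        if ($params) {
            $dll = [string]$params.GetValue('ServiceDll')
            $params.Close()
        }

        # Signature status is reported as-is; it is an extra data point, not a verdict.
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -LiteralPath $dll).Status
        } else { 'n/a' }

        [pscustomobject]@{
            Group       = $group
            Service     = $svc.PSChildName
            ServiceDll  = $dll
            # Assumption of this example: a False in either column is worth a manual look.
            InGroupList = $groups.ContainsKey($group) -and ($groups[$group] -contains $svc.PSChildName)
            InSystem32  = [bool]$dll -and $dll.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
            Signature   = $sig
        }
    }
}

$report | Sort-Object Group, Service | Format-Table -AutoSize
```

Comparing the Group and Service columns with the output of tasklist /svc, mentioned earlier in the thread, ties each group to a running svchost PID.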
 
Thanks, that helped. I'll have to take a look at that book next time I'm at the store.
 
Originally posted by: n0cmonkey
Originally posted by: xtknight
http://www.google.com/search?hl=en&lr=&q=svchost+%22-k%22&btnG=Search

Probably just starts a set of kernel services. It is undocumented, just like many of the Windows NT APIs. Is there a reason for concern (trying to slim down your services list)? tasklist /svc lists currently running services (and tells you which PID of svchost is responsible for which services).

Not to be rude, but don't you think I tried a basic google search? 😉

Yeah, I just wanted to make sure you enclosed the "-k" parameter in double quotes, or Google would just do a search and exclude everything with "k" in it.
 
I have strong google-fu. 😉
But I appreciate it. 🙂
 