Service as Process


TieTo

Hello,

I'm looking for a way to identify a running process from which service it is
started. All seems to be working well so far. I am using a simple WMI call to
enumerate all running processes and all installed services. I then compare
the 'Pathname' property from the service against the 'Commandline' property
of the running process to see if they match. If they do, I know which
service is my running process. This all works.

I noticed on some test machines that I have multiple identical running
processes which are started by different services but the problem is that
those services are all identical too, with the same 'Pathname' property.
Anyone know how I can enumerate those correctly? Maybe I'm doing my check
the wrong way.

Kind rgds,
T.
 
Perhaps service is
service.exe.
You need to check the command line of the service.exe itself. For
different services running it differs (entry from the reg).
 
hB said:
Perhaps service is
service.exe.
You need to check the command line of the service.exe itself. For
different services running it differs (entry from the reg).

Hello hB,

Thank you for your reply. This is the strange part. These custom services
all have the same starting exe, same commandline but different display
names. I therefore see multiple same exe's in my process list, but do not
know how to enumerate the correct one with the services as they have all the
same commandline. Strange, I know :(

Rgds,
T.
 
Perhaps like path properties there are more properties. (I can't check
now.)

You can get some idea by looking at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
and their parameters.
 
TieTo said:
Hello,

I'm looking for a way to identify a running process from which service it is
started. All seems to be working well so far. I am using a simple WMI call to
enumerate all running processes and all installed services. I then compare
the 'Pathname' property from the service against the 'Commandline' property
of the running process to see if they match. If they do, I know which
service is my running process. This all works.

I noticed on some test machines that I have multiple identical running
processes which are started by different services but the problem is that
those services are all identical too, with the same 'Pathname' property.
Anyone know how I can enumerate those correctly? Maybe I'm doing my check
the wrong way.

Kind rgds,
T.

You misunderstand the service process relationship, a service does not start
a process; a process hosts a service or multiple services and each service
can be controlled separately from the other services in the process.

Services and processes do not have a one to one relationship, a single
process can host multiple services.
And the same host process can run multiple times to host different services,
one example is svchost.exe which runs multiple times hosting a multitude of
services.

Willy.
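
Following on from the point above that one process can host several services and the same executable can run several times: an added example (not code from any poster in this thread) that joins services to processes on the ProcessId property of Win32_Service instead of comparing PathName with CommandLine. It assumes PowerShell 3.0 or later with the CIM cmdlets; the variable names are illustrative.

```powershell
# Added example: map running services to their host processes by PID.
# Win32_Service.ProcessId is 0 for services that are not running.
$services  = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId <> 0"
$processes = Get-CimInstance -ClassName Win32_Process

# Index processes by PID so each service group can be resolved directly.
$byPid = @{}
foreach ($p in $processes) {
    $byPid[[uint32]$p.ProcessId] = $p
}

# One row per host process, listing every service it hosts.
$hostRows = $services | Group-Object -Property ProcessId | ForEach-Object {
    $hostPid = [uint32]$_.Name
    $proc    = $byPid[$hostPid]
    [pscustomobject]@{
        ProcessId   = $hostPid
        # The process may have exited between the two queries.
        ProcessName = if ($proc) { $proc.Name } else { '<exited>' }
        CommandLine = if ($proc) { $proc.CommandLine } else { $null }
        Services    = @($_.Group | ForEach-Object { $_.Name })
    }
}

$hostRows | Sort-Object -Property ProcessId |
    Format-Table -AutoSize -Property ProcessId, ProcessName,
        @{ Name = 'Services'; Expression = { $_.Services -join ', ' } }

# The case from the question: services with an identical PathName that
# nevertheless run in different processes. PathName cannot tell them
# apart, but ProcessId can.
$services | Group-Object -Property PathName |
    Where-Object { @($_.Group.ProcessId | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object {
        $_.Group | Select-Object -Property Name, DisplayName, ProcessId, PathName
    }
```

A shared host such as svchost.exe shows up as one row with several service names; the second query lists only services whose PathName is shared across more than one process.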
 