Browse All Articles
> SVCHost is not a Ghost (An Overview of SVCHost.exe)
As the name suggests, SVCHost stands for Service Host. It is a process which hosts different services of Windows which are actually run from Dynamic Link Libraries (DLL) files.
A DLL is a library that contains data (code) that could be used by more than one program at the same time; there's lots to add to this but we'll limit it just till this point.
What's the connection between SVCHost & DLL?
Since we can't launch a .dll file directly from Windows, it has to be loaded through an executable (.exe) and this functionality gave birth to the svchost.exe.
What's the connection between SVCHost & Windows OS?
If you type "Net Start" in the command line, it will display all the services that are currently running on the system. Most of the services which run on a Windows OS are implemented on the basis of DLLs and they are NOT stand alone Executables.
The job of an SVCHost.exe is to execute the services which are defined in a DLL.
To know which process of SVCHost is running which service, type "Tasklist /svc" (Win XP/Vista/Server 2003 & 2008) or "Tlist -s" (Win Server 2000) in the command prompt and you'll know it all.
Please note that users using XP Home edition do not have this file by default. You could download it from the following link:
How to troubleshoot memory leak issues caused by a SVCHost process
If you are facing memory leak issues on a server for an SVCHost process then you could make use of the Process Explorer tool provided by Sysinternals/Microsoft to identify the root cause.
In Process Explorer, hovering your mouse over one of the processes will display a list of all the services held by that particular instance of SVCHost.
If you suspect a particular service run by a SVCHost process to be leaking memory then you could simply try stopping each of the services under it one by one and see if the memory utilization level goes down. The moment memory utilization level drops, you'll know that the service which you just stopped was leaking memory.
Hope this was clear. I've constructed this as per my understanding and as always, you're free to challenge the above; of corse by justifying why do you think something that's mentioned above is wrong.
If you wish to learn more on this topic then it would be worth going through the Bleepingcomputer's tutorial which takes you through with the help of some useful snap shots.