<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

SVCHost is not a Ghost (An Overview of SVCHost.exe)

Published on
10,159 Points
4,059 Views
1 Endorsement
Last Modified:
Approved
As the name suggests, SVCHost stands for Service Host. It is a process which hosts different services of Windows which are actually run from Dynamic Link Libraries (DLL) files.

A DLL is a library that contains data (code) that could be used by more than one program at the same time; there's lots to add to this but we'll limit it just till this point.

What's the connection between SVCHost & DLL?
Since we can't launch a .dll file directly from Windows, it has to be loaded through an executable (.exe) and this functionality gave birth to the svchost.exe.

What's the connection between SVCHost & Windows OS?
If you type "Net Start" in the command line, it will display all the services that are currently running on the system. Most of the services which run on a Windows OS are implemented on the basis of DLLs and they are NOT stand alone Executables.

The job of an SVCHost.exe is to execute the services which are defined in a DLL.

To know which process of SVCHost is running which service, type "Tasklist /svc" (Win XP/Vista/Server 2003 & 2008) or "Tlist -s" (Win Server 2000) in the command prompt and you'll know it all.
Please note that users using XP Home edition do not have this file by default. You could download it from the following link:
http://www.computerhope.com/download/winxp/tasklist.exe

How to troubleshoot memory leak issues caused by a SVCHost process

If you are facing memory leak issues on a server for an SVCHost process then you could make use of the Process Explorer tool provided by Sysinternals/Microsoft to identify the root cause.
http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

In Process Explorer, hovering your mouse over one of the processes will display a list of all the services held by that particular instance of SVCHost.
If you suspect a particular service run by a SVCHost process to be leaking memory then you could simply try stopping each of the services under it one by one and see if the memory utilization level goes down. The moment memory utilization level drops, you'll know that the service which you just stopped was leaking memory.

Hope this was clear. I've constructed this as per my understanding and as always, you're free to challenge the above; of corse by justifying why do you think something that's mentioned above is wrong.

If you wish to learn more on this topic then it would be worth going through the Bleepingcomputer's tutorial which takes you through with the help of some useful snap shots.
http://www.bleepingcomputer.com/tutorials/tutorial129.html


#wyn
1
Author:ashwynr
4 Comments
LVL 5

Expert Comment

by:Ronnel dela Luz
"Tasklist /svc" does not work in the command prompt.
0
LVL 10

Expert Comment

by:Rudram
* Hi Truinx, the "Tasklist /svc" command does work, provided its fired on a Windows Box (basically Windows XP, Windows 2003 Server, Windows Server 2008 and Windows Vista"

Hope this helps (^_^)
0
 

Administrative Comment

by:rpggamergirl
It might be helpful if you also mention that the command "tasklist /svc" won't work in XP Home and that they need to download tasklist.exe


A lot of articles have been written about these processes.
You might also like to include a link like the Bleepingcomputer's tutorial on svchost.exe for anyone looking for more in-depth explanation.
http://www.bleepingcomputer.com/tutorials/tutorial129.html
0
LVL 14

Author Comment

by:ashwynr
Thanks rpggamegirl, I wont be able to add your point to the article but I guess the readers will know about it after reading your comments.
Cheers
0

Featured Post

Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month