SVCHost is not a Ghost (An Overview of SVCHost.exe)

Published on
10,082 Points
1 Endorsement
Last Modified:
As the name suggests, SVCHost stands for Service Host. It is a process which hosts different services of Windows which are actually run from Dynamic Link Libraries (DLL) files.

A DLL is a library that contains data (code) that could be used by more than one program at the same time; there's lots to add to this but we'll limit it just till this point.

What's the connection between SVCHost & DLL?
Since we can't launch a .dll file directly from Windows, it has to be loaded through an executable (.exe) and this functionality gave birth to the svchost.exe.

What's the connection between SVCHost & Windows OS?
If you type "Net Start" in the command line, it will display all the services that are currently running on the system. Most of the services which run on a Windows OS are implemented on the basis of DLLs and they are NOT stand alone Executables.

The job of an SVCHost.exe is to execute the services which are defined in a DLL.

To know which process of SVCHost is running which service, type "Tasklist /svc" (Win XP/Vista/Server 2003 & 2008) or "Tlist -s" (Win Server 2000) in the command prompt and you'll know it all.
Please note that users using XP Home edition do not have this file by default. You could download it from the following link:

How to troubleshoot memory leak issues caused by a SVCHost process

If you are facing memory leak issues on a server for an SVCHost process then you could make use of the Process Explorer tool provided by Sysinternals/Microsoft to identify the root cause.

In Process Explorer, hovering your mouse over one of the processes will display a list of all the services held by that particular instance of SVCHost.
If you suspect a particular service run by a SVCHost process to be leaking memory then you could simply try stopping each of the services under it one by one and see if the memory utilization level goes down. The moment memory utilization level drops, you'll know that the service which you just stopped was leaking memory.

Hope this was clear. I've constructed this as per my understanding and as always, you're free to challenge the above; of corse by justifying why do you think something that's mentioned above is wrong.

If you wish to learn more on this topic then it would be worth going through the Bleepingcomputer's tutorial which takes you through with the help of some useful snap shots.


Expert Comment

by:Ronnel dela Luz
"Tasklist /svc" does not work in the command prompt.
LVL 10

Expert Comment

* Hi Truinx, the "Tasklist /svc" command does work, provided its fired on a Windows Box (basically Windows XP, Windows 2003 Server, Windows Server 2008 and Windows Vista"

Hope this helps (^_^)

Administrative Comment

It might be helpful if you also mention that the command "tasklist /svc" won't work in XP Home and that they need to download tasklist.exe

A lot of articles have been written about these processes.
You might also like to include a link like the Bleepingcomputer's tutorial on svchost.exe for anyone looking for more in-depth explanation.
LVL 14

Author Comment

Thanks rpggamegirl, I wont be able to add your point to the article but I guess the readers will know about it after reading your comments.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Join & Write a Comment

In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month