How to Identify the Process a Service is Using

I needed to change permissions on some processes.  The process name for most services nicely matches the service names.  However, I can't locate the name of the process the Messenger spawns in process explorer by name.  Is there a better way to link a service to a process in memory?  (Yes, Messenger is disabled, but the permissions are insecure so picked up on a scan.  I'm just temporarily starting the service to try to see it).

Thanks.
whoamAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

it_saigeDeveloperCommented:
You can look at the service properties:

Start -> Run --> services.msc

Choose a service, right-click on it and choose properties.  There is a line under the description that reads 'Path to executable' -Capture.JPG
Although, don't be surprised if you find many Microsoft services use svchost.exe.

-saige-
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
In Process Explorer you can view the hosted services in the service exe. Indirect, but feasible.
With newer OS TaskManager has own tab displaying service names and their corresponding host file.
You can also search in registry,  if you know the internal name.
0
Zsolt PribuszCommented:
in powershell you can run this:

Get-WmiObject win32_service | select Name, DisplayName, PathName

PathName points to executable what service is using.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

whoamAuthor Commented:
Thanks guys, I left out some details.  Messenger's executable is
"C:\Windows\System32\svchost.exe -k netsnvs"
So, yep it spawns the dreaded "Svchost.exe" in process explorer.  So that's no help.

I need a way to find which svchost.exe is being used by Messenger.

One of the running svchost.exe has the same executable string, but mousing over shows only other services.
0
whoamAuthor Commented:
Found it!

So, if you take that process "SVCHOST.EXE" that I spoke of and open it's properties in process explorer(Sysinternals), then go to the SERVICES tab, there you find the Messenger process/servcie listed with the other services.  From there you can choose permissions, modify them as needed.

Thanks all!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
That's what I tried to tell in http:#a40492720.
You can also use   tasklist /svc   to view the service/exe relation.
0
whoamAuthor Commented:
The expert comment did not provide the answer I needed, but felt they deserved points for effort and helping me get there.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.