How to get a service name from a process ID?

By prell
in Microsoft (Windows)

 Share

Recommended Posts

Apprentice

prell

Posted
Posted

Services seem to run under services.exe -- A service always just looks like "services.exe" in the process list. Is there any way (any program, etc.) I can see which process is actually being executed?

My issue is that I have a service seemingly scanning my entire hard drive, and I have System Restore turned off, so I can't guess what it is.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

where did you get the idea that services all run under services.exe?? Thats not true..

Anyway - what your looking for is tasklist

/SVC Displays services in each process.

tasklist /svc

example...
Image Name				   PID Services
========================= ====== =============================================
System Idle Process			0 N/A
System						 4 N/A
smss.exe					1012 N/A
csrss.exe				   1060 N/A
winlogon.exe				1084 N/A
services.exe				1128 Eventlog, PlugPlay
lsass.exe				   1140 ProtectedStorage, SamSs
svchost.exe				 1300 DcomLaunch, TermService
svchost.exe				 1460 RpcSs
svchost.exe				 1544 AudioSrv, CryptSvc, EventSystem, helpsvc,
								 HidServ, lanmanserver, lanmanworkstation,
								 Netman, Nla, seclogon, SENS,
								 ShellHWDetection, Themes, winmgmt, wuauserv
svchost.exe				 1588 Dnscache
svchost.exe				 1604 LmHosts, RemoteRegistry
spoolsv.exe				 1832 Spooler
agent.exe					204 AcronisAgent
schedul2.exe				 216 AcrSch2Svc
DkService.exe				304 Diskeeper
FrameworkService.exe		 352 McAfeeFramework
Mcshield.exe				 388 McShield
naPrdMgr.exe				 440 N/A

Apprentice

prell

Posted
  • Author
Posted

Ahhh! Thank you, BudMan!

(I have to admit I just went on intuition about all services being run under services.exe).

Okay so now I've determined the culprit: Eventlog (or PlugPlay). What would either of those services need to scan my hard drive for? In filemon I see a bunch of things like this:

8:33:54 AM	services.exe:964	READ 	C:\WINDOWS\system32\config\SYSTEM		Offset: 184320 Length: 4096	
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS	FileNameInformation	
8:33:54 AM	services.exe:964	CLOSE	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4d2o.htm	SUCCESS		
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS	FileBasicInformation	
8:33:54 AM	services.exe:964	QUERY SECURITY	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	BUFFER OVERFLOW		
8:33:54 AM	services.exe:964	QUERY SECURITY	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS		
8:33:54 AM	services.exe:964	DIRECTORY	C:\WINDOWS\Help\iisHelp\iis\htm\asp	SUCCESS	FileNamesInformation	
8:33:54 AM	services.exe:964	OPEN	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4ng2.htm	SUCCESS	Options: Open  Access: All	
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4ng2.htm	SUCCESS	FileNameInformation

This is done for files all over my hdd. Any idea what this is all about?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Ahhh! Thank you, BudMan!

This is done for files all over my hdd. Any idea what this is all about?

Off the top I can not think why either of those would be accessing files?? I do not see my services.exe access files all over.. the eventlog sure, but not files from all over the drive..

If I had to guess I would guess some type of infection? Are you running any type of indexing software.. are you running a virus scan?

Could it have something to do with logging of people accessing websites? Your examples were IIS related..

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Apple MacBook Neo is a blessing for Windows users, here's why

      By PsYcHoKiLLa · Posted

      If the drive/memory is soldered to the board, which it probably is, then it's a no from me
    • Driver Genius 25.0.0.143

      By Copernic · Posted

      Driver Genius 25.0.0.143 by Razvan Serea Driver Genius is a professional driver management tool features both driver management and hardware diagnostics. Driver Genius provides such practical functions as driver backup, restoration, update and removal for computer users. If you often reinstall your operating system, you may not forget such painful experiences of searching all around for all kinds of drivers. If unfortunately you have lost your driver CD, the search will be more troublesome and time-consuming. Driver Genius can automatically find drivers for a device when the system can't find a driver for it. It can recognize the name and vendor's information of the device, and directly provide download URL for the required driver. Driver Genius also supports online updates for drivers of existing hardware devices. Driver Genius customers can obtain information for latest drivers by Driver Genius's LiveUpdate program, which can synchronize to the database on Driver Genius site. Features at a glance: Find the latest drivers for your computer. One click to update all drivers silently. Automatically install driver updates silently. Make your drivers are always up to date. New rollback driver design for safer driver update. Free to backup all drivers now! Package all drivers to an executable auto installer. One click to restore all drivers. Remove invalid or useless drivers/devices, improve system performance and stability. New system information tool. Detailed hardware inventory. Hardware temperature monitor. Protect your CPU, GPU and HDD. New system transfer assistant. Upgrade/degrade your windows system easily. New SSD Speeder. Improve your disk performance and reliability. New System booster provides over 90 optimization options that make your computer run faster and smoother. New System Cleanup can help you to clean up the temporary files and cache files or other junk files in system. Driver Genius 25.0.0.143 changelog: Enhanced detection for Windows Runtime components. Update the hardware detection component to support more new hardware. Update the compression component to address security issues. Download: Driver Genius 25.0.0.143 | 20.7 MB (Shareware) View: Driver Genius Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Still using Classic Outlook? Microsoft highlights 15 reasons to switch to New Outlook

      By PsYcHoKiLLa · Posted

      We do it all the time on our IT Service desk mailbox to add a reference, in the subject line, once it's been logged and then it's filed into the appropriate sub-folder. Other companies probably do the same thing.
    • Still using Classic Outlook? Microsoft highlights 15 reasons to switch to New Outlook

      By PsYcHoKiLLa · Posted

      "No. The "New Outlook for Windows" does not support non-cloud mailboxes (such as on-premises Exchange servers). Furthermore, because the New Outlook effectively functions as a web-based client, it requires all connected accounts—even standard IMAP or POP accounts—to route and cache data through Microsoft's cloud servers. You can verify the accepted account setups using the Microsoft Supported Account Types Guide." Built to fail "New" Outlook is basically just webmail in a window wrapper and it's usefulness reflects that.
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

  • Recent Achievements

    • One Month Later
      Carru_123 earned a badge
      One Month Later
    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular
    • Very Popular
      s0nic69 earned a badge
      Very Popular

  • Popular Contributors

    1. 1
      +primortal
      472
    2. 2
      PsYcHoKiLLa
      250
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      67
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!