How to get a service name from a process ID?

By prell
in Microsoft (Windows)

 Share

Recommended Posts

Apprentice

prell

Posted
Posted

Services seem to run under services.exe -- A service always just looks like "services.exe" in the process list. Is there any way (any program, etc.) I can see which process is actually being executed?

My issue is that I have a service seemingly scanning my entire hard drive, and I have System Restore turned off, so I can't guess what it is.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

where did you get the idea that services all run under services.exe?? Thats not true..

Anyway - what your looking for is tasklist

/SVC Displays services in each process.

tasklist /svc

example...
Image Name				   PID Services
========================= ====== =============================================
System Idle Process			0 N/A
System						 4 N/A
smss.exe					1012 N/A
csrss.exe				   1060 N/A
winlogon.exe				1084 N/A
services.exe				1128 Eventlog, PlugPlay
lsass.exe				   1140 ProtectedStorage, SamSs
svchost.exe				 1300 DcomLaunch, TermService
svchost.exe				 1460 RpcSs
svchost.exe				 1544 AudioSrv, CryptSvc, EventSystem, helpsvc,
								 HidServ, lanmanserver, lanmanworkstation,
								 Netman, Nla, seclogon, SENS,
								 ShellHWDetection, Themes, winmgmt, wuauserv
svchost.exe				 1588 Dnscache
svchost.exe				 1604 LmHosts, RemoteRegistry
spoolsv.exe				 1832 Spooler
agent.exe					204 AcronisAgent
schedul2.exe				 216 AcrSch2Svc
DkService.exe				304 Diskeeper
FrameworkService.exe		 352 McAfeeFramework
Mcshield.exe				 388 McShield
naPrdMgr.exe				 440 N/A

Apprentice

prell

Posted
  • Author
Posted

Ahhh! Thank you, BudMan!

(I have to admit I just went on intuition about all services being run under services.exe).

Okay so now I've determined the culprit: Eventlog (or PlugPlay). What would either of those services need to scan my hard drive for? In filemon I see a bunch of things like this:

8:33:54 AM	services.exe:964	READ 	C:\WINDOWS\system32\config\SYSTEM		Offset: 184320 Length: 4096	
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS	FileNameInformation	
8:33:54 AM	services.exe:964	CLOSE	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4d2o.htm	SUCCESS		
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS	FileBasicInformation	
8:33:54 AM	services.exe:964	QUERY SECURITY	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	BUFFER OVERFLOW		
8:33:54 AM	services.exe:964	QUERY SECURITY	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS		
8:33:54 AM	services.exe:964	DIRECTORY	C:\WINDOWS\Help\iisHelp\iis\htm\asp	SUCCESS	FileNamesInformation	
8:33:54 AM	services.exe:964	OPEN	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4ng2.htm	SUCCESS	Options: Open  Access: All	
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4ng2.htm	SUCCESS	FileNameInformation

This is done for files all over my hdd. Any idea what this is all about?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Ahhh! Thank you, BudMan!

This is done for files all over my hdd. Any idea what this is all about?

Off the top I can not think why either of those would be accessing files?? I do not see my services.exe access files all over.. the eventlog sure, but not files from all over the drive..

If I had to guess I would guess some type of infection? Are you running any type of indexing software.. are you running a virus scan?

Could it have something to do with logging of people accessing websites? Your examples were IIS related..

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By duhk · Posted

      I like the show more options. The only problem with it is that it's not always in a consistent spot in the menu. If the copy/paste/cut, happens to show on top, then more option is the last in the menu. But if copy/paste/cut happens to show on the bottom, then more options is before the copy/paste/cut. But I do like the more options because it hides the stuff that I rarely use. But I would like to choose what it is or isn't hiding. That would make it better.
    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By Michael Scrip · Posted

      I wonder if "put it back the way it was for decades" ever crossed their minds? 🤣
    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By PsYcHoKiLLa · Posted

      Rescind the stupid "Show more options" in context menus and just give us the full menu instead of adding more steps to get to what we want. The "simpler by default" makes me think they'll go in the opposite direction. Every context menu should have a configure button so you can pick and choose what options should be shown, I know you can do that with some registry fu but that shouldn't be required.
    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By Jose_49 · Posted

      This is why competition must exist. Finally, pressure is mounting on Microsoft to move in the right direction.
    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By TarasBuria · Posted

      Microsoft is making Windows 11's context menus faster, simpler, and configurable by Taras Buria Five years ago, Windows 11 introduced redesigned context menus, offering users a simpler, more modern design. However, customers quickly discovered that the new menus leave a lot to be desired. Many are unhappy with performance (they are really slow), while others dislike the double-layed design, where many options are hidden behind the "Show more options" button. In addition, over the years, menus became cluttered and overloaded. While Microsoft has already fixed plenty of pain points across Windows 11, context menus remain mostly unchanged. Fortunately, Microsoft is finally listening. Marcus Ash, Design and Research Lead for Windows at Microsoft, responded to a tweet on X, confirming that the company is working on fixing Windows 11's context menus. Reworked context menus are supposed to be faster, simpler by default, and "configurable to what you use most." What the latter means is unknown, just like whether Microsoft plans to keep the classic menu alongside the modern one, but according to Marcus, the wait should finally be over soon, as he promised to "share our approach soon." Improved context menus will most likely appear first in Windows 11 preview builds in the Experimental Channel. While we wait for Microsoft to release them, you can try fixing context menus on your PC with a simple tool called Windows 11 Context Menu Manager. It lets you disable entries you do not need, not only cleaning up context menus, but also making them significantly faster. Microsoft has already improved Windows 11's Start menu and taskbar, so hopefully it will address user criticism of the context menu as well. Stay tuned for new Windows 11 preview builds, which usually arrive every Friday.

  • Recent Achievements

    • Week One Done
      I2D earned a badge
      Week One Done
    • One Month Later
      Carru_123 earned a badge
      One Month Later
    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular

  • Popular Contributors

    1. 1
      +primortal
      472
    2. 2
      PsYcHoKiLLa
      251
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      67
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!