6.6. Finding the Services Run from a Process

Problem

You want to find the services being run from a process. In some cases, multiple services may be run from a single process.

Solution

Using a graphical user interface

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. Double-click on the process you want to view.

  3. If there are services being run from the process, a Services tab will be available from the process properties window.

Using a command-line interface

The following command displays the services that are run from the lsass.exe process:

> tasklist /svc /FI "IMAGENAME eq lsass.exe"

You can also use the tlist.exe command from the Windows 2000 Support Tools to show similar information:

> tlist -s | findstr Svcs: | findstr lsass.exe

Using VBScript

' This code displays the services run from the specified process.
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
strProcess = "lsass.exe"  ' name of process
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colProcess = objWMI.ExecQuery("Select ProcessID from Win32_Process " & _
                                    " Where Name = '" & strProcess & "'" )
' Several processes can share one image name (svchost.exe, for example),
' so the services are listed for each matching PID. If no process matches,
' the loop body never runs and no malformed query is issued.
for each objProcess in colProcess
   intPID = objProcess.ProcessID
   WScript.Echo "Services run from process: " & strProcess & _
                " (PID " & intPID & ")"
   set colServices = objWMI.ExecQuery("Select Name from Win32_Service " & _
                                       " Where ProcessID = " & intPID)
   for each objService in colServices
      WScript.Echo "  " & objService.Name
   next
next
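
Using PowerShell

The same two WMI classes can be joined in PowerShell. This is an added example, not code from the book; it goes beyond the single-process case by listing every process that hosts services. The function name Get-ServicesByProcess and its -ImageName parameter are hypothetical, and the function queries the local computer only.

```powershell
# Added example (not from the book): join Win32_Service to Win32_Process by PID.
# Get-ServicesByProcess and -ImageName are hypothetical names.
function Get-ServicesByProcess {
    param(
        [string]$ImageName    # optional filter, e.g. 'lsass.exe'
    )

    # Index running processes by PID (as a string) for the join below.
    $procs = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $procs["$($_.ProcessId)"] = $_ }

    # Stopped services report ProcessId 0, so exclude them in the WQL filter.
    Get-CimInstance -ClassName Win32_Service -Filter 'ProcessId <> 0' |
        Group-Object -Property ProcessId |
        ForEach-Object {
            $proc = $procs[$_.Name]    # group name is the PID as a string

            # A process can exit between the two queries; label that case
            # instead of failing on a null lookup.
            $image = if ($proc) { $proc.Name } else { '<exited>' }

            # Inside ForEach-Object, return skips to the next group.
            if ($ImageName -and $image -ne $ImageName) { return }

            [pscustomobject]@{
                ProcessId    = [int]$_.Name
                ImageName    = $image
                ServiceCount = $_.Count
                Services     = ($_.Group.Name | Sort-Object) -join ', '
            }
        }
}

# Services run from lsass.exe, as in the tasklist and VBScript solutions:
Get-ServicesByProcess -ImageName 'lsass.exe' | Format-List

# Every process that hosts more than one service:
Get-ServicesByProcess |
    Where-Object ServiceCount -gt 1 |
    Sort-Object ServiceCount -Descending |
    Format-Table -AutoSize -Wrap
```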

Discussion

It is not uncommon for a single process to ...
