6.6. Finding the Services Run from a Process
You want to find the services being run from a process. In some cases, multiple services may be run from a single process.
Using a graphical user interface
Open the Sysinternals Process Explorer tool (procexp.exe).
Double-click on the process you want to view.
If there are services being run from the process, a Services tab will be available from the process properties window.
Using a command-line interface
The following command displays the services that are run from the lsass.exe process:
> tasklist /svc /FI "IMAGENAME eq lsass.exe"
You can also use the tlist.exe command from the Windows 2000 Support Tools to show similar information:
> tlist -s | findstr Svcs: | findstr lsass.exe
' This code displays the services run from the specified process. ' ------ SCRIPT CONFIGURATION ------ strComputer = "." strProcess = "lsass.exe" ' name of process ' ------ END CONFIGURATION --------- set objWMI = GetObject("winmgmts: \\" & strComputer & "\root\cimv2") set colProcess = objWMI.ExecQuery("Select ProcessID from Win32_Process " & _ " Where Name = '" & strProcess & "'" ) for each objProcess in colProcess intPID = objProcess.ProcessID next WScript.Echo "Services run from process: " & strProcess set colProcesses = objWMI.ExecQuery("Select Name from Win32_service " & _ " Where ProcessID = " & intPID) for each objProcess in colProcesses WScript.Echo " " & objProcess.Name next
It is not uncommon for a single process to ...