May 11, 2007

The riddle of svchost

Yesterday, I chatted with my fellow author on this blog about some problems with a home PC, and this morning my desktop at home decided that starting up was fine, but doing anything sensible (except running IRC) was beyond it for the moment.

The common thing in both cases seemed to be that the process svchost.exe was taking a huge amount of processor power, as well as a large amount of memory.

I managed to kill the (apparently) runaway process, but that made me wonder... what was it doing? Googling for svchost turned up the following information:

Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).

The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.

From "A description of Svchost.exe in Windows XP Pro" on the Microsoft site.

Using the actions and commands described in the knowledge base article linked above, I could figure out what was running, and which subprocesses / services were hosted by the too-busy svchost process.
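One way to do that mapping in a single pass, as an added example that is not from the original post or the Microsoft article: it lists every svchost.exe instance with its service group, CPU time, memory, hosted services, and whether the binary really runs from %SystemRoot%\System32. It assumes PowerShell 3.0 or later; the variable names are this sketch's own.

```powershell
# Added example: which services live inside each svchost.exe, and which one is busy?
# Expected location per the quoted description: %SystemRoot%\System32\svchost.exe
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Index the names of running services by the PID of the process hosting them.
$byPid = @{}
foreach ($s in Get-CimInstance Win32_Service -Filter "State = 'Running'") {
    $byPid[[int]$s.ProcessId] += @($s.Name)
}

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    # Each instance is started as "svchost.exe -k <group>"; the group names the service set.
    $group = if ($p.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(unknown)' }

    # ExecutablePath is empty when the caller lacks rights to query the process.
    $pathState = if (-not $p.ExecutablePath) {
        'unreadable (run elevated)'
    } elseif ($p.ExecutablePath -ieq $expected) {
        'ok'
    } else {
        "UNEXPECTED: $($p.ExecutablePath)"
    }

    [pscustomobject]@{
        PID          = $p.ProcessId
        Group        = $group
        # Kernel and user times are reported in 100-nanosecond units.
        CpuSeconds   = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Path         = $pathState
        Services     = ($byPid[[int]$p.ProcessId] -join ', ')
    }
}

# Busiest instance first, so the runaway host and its services are at the top.
$report | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

From a plain command prompt, `tasklist /svc` gives the same PID-to-service mapping without the CPU, memory, and path columns.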

And now I know that... what next?

More when I find out myself!