Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Display a list of processes and all the services running in each process

By
/
On April 23, 2005
/
ad-mania

Do you know exactly which processes are running on your computer? What about all the services running in each of those processes? It’s important to know exactly which processes are running on your computer, not just for security reasons but also for troubleshooting. The problem is sometimes it’s hard to tell if a process is really needed or the service with which it’s associated. The example in the following script displays a list of processes and all the services running in each process. This script can be useful to determine not only the processes and the services running in those processes but also to determine the exact service that’s associated with each “svchost.exe” listed in the Task Manager. Here are a few examples to help you understand how this script can be useful.

Let’s say your Task Manager shows you a process running called Rtvscan.exe with a Processor ID (PID) number 536. Running the script will show you the process ID 536 is associated with Symantec AntiVirus Client. Or you might see a process CDANTSRV.EXE with a certain PID number. The script will show you the process is part of C-DillaSrv, which is a part of MacroVision safeCast copy protection software. The service is used to provide software activation services and CD Key verification services for anti-piracy reasons and it is bundled with several products. It also increases the amount of popups you receive on your computer. Most people will disable this service, unless the service is required for certain games.

You may have noticed several processes called svchost.exe, each with its own PID number. Running the script will show the exact services running under each of those processes. For example, one process may only be running Remote Procedure Call (RPC), while another svchost.exe could be running close to 30 different services. Once you know what processes and services are running, you may want to shut down the ones you don’t need.

Copy the contents of the following script to Notepad and save it with .vbs extension. To execute the file, logon to the computer with an Administrator account and double-click the filename.

set objIdDictionary = CreateObject(“Scripting.Dictionary”)
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:” & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)
Set colServices = objWMIService.ExecQuery (“Select * from Win32_Service Where State <> ‘Stopped'”)
For Each objService in colServices
If objIdDictionary.Exists(objService.ProcessID) Then
Else
objIdDictionary.Add objService.ProcessID, objService.ProcessID
End If
Next
colProcessIDs = objIdDictionary.Items
For i = 0 to objIdDictionary.Count – 1
Set colServices = objWMIService.ExecQuery (“Select * from Win32_Service Where ProcessID = ‘” & colProcessIDs(i) & “‘”)
Wscript.Echo “Process ID: ” & colProcessIDs(i)
For Each objService in colServices
Wscript.Echo VbTab & objService.DisplayName
Next
Next

This script is supported on Windows 2000/XP/2003. It is also supported on Windows NT 4.0 computers that have Windows Management Instrumentation (WMI) installed.

Copyright ©2005 Zubair Alexander. All rights reserved.

Print 🖨
  • Facebook
  • Twitter
  • Linkedin
You May Also Like

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar