| Process Name |
File Name |
Definition |
| System Idle Process |
|
A process that runs to occupy
the processors when they are not executing other threads. Idle
has one thread per processor. |
| System |
|
Contains system threads that
handle lazy writing by the file system cache, virtual memory
modified page writing, working set trimming, and similar system
functions. |
| SMSS |
SMSS.EXE |
Session Manager Subsystem
|
| CRSS |
CRSS.EXE |
Client Server Runtime Subsystem,
provides text window support, shutdown, and hard-error handling
to the Windows NT environment subsystems. |
| WINLOGON |
WINLOGON.EXE |
Logon process executable. It
manages logon and logoff of users and remote Performance Monitor
data requests. |
| SERVICES |
SERVICES.EXE |
This process is shared by the
Windows NT Services Control Manager, which starts all services,
and a group of Windows NT 32-bit services, including Alerter,
Clipbook Server, Computer Browser, Event Viewer, Messenger,
Server and Workstation, and Plug and Play. |
| LSASS |
LSASS.EXE |
Local Security Administration
Subsystem, the process running the Local Security Authority
component of the Windows NT Security Subsystem. This process
handles aspects of security administration on the local computer,
including access and permissions. The Net Logon service shares
this process. |
| NDDEAGNT |
NDDEAGNT.EXE |
Network Dynamic Data Exchange
(DDE) Agent, handles requests for network DDE services.
|
| RPCSS |
RPCSS.EXE |
Remote Procedure Call (RPC subsystem)
which includes the RPC service and RPC locator. |
| SPOOLSS |
SPOOLSS.EXE |
Spooler Subsystem controls despooling
of printer data from disk to printer. |
| EXPLORER |
EXPLORER.EXE |
Windows NT Explorer, a segment
of the user interface which lets users open documents and applications
from a hierarchical display. |
| TASKMGR |
TASKMAN.EXE |
Task Manager executable.
|
| PSTORES |
PSTORES.EXE |
Protected Storage Service
|
| LLSSRV |
LLSSRV.EXE |
License Logging Service, the
service that logs the licensing data for License Manager in
Windows NT Server and the Licensing option in Control Panel
on both Windows NT Server and Workstation. |
| NTVDM |
NTVDM.EXE / Wowexec.exe
|
NT Virtual DOS Machine, which
simulates a 16-bit environment for MS-DOS and 16-bit Windows
applications. |
http://www.plasma-online.de/english/help/solutions/nt4_processes.html
Description of Svchost.exe in Windows 2000 (Q250320)
from Microsoft support
The information in this article applies to:
- Microsoft
Windows 2000 , Advanced Server
- Microsoft
Windows 2000 , Professional
- Microsoft
Windows 2000 , Server
For a Microsoft Windows XP version of this article, see Q314056
.
SUMMARY
Svchost.exe is a generic host process name for services
that are run from dynamic-link libraries (DLLs). The Svchost.exe file
is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe
checks the services portion of the registry to construct a list of services
that it needs to load. There can be multiple instances of Svchost.exe
running at the same time. Each Svchost.exe session can contain a grouping
of services, so that separate services can be run depending on how and
where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Svchost
Each value under this key represents a separate Svchost group and is displayed
as a separate instance when you are viewing active processes. Each value
is a REG_MULTI_SZ value and contains the services that run under that
Svchost group. Each Svchost group can contain one or more service_names
extracted from the following registry key, whose Parameters key contains
a ServiceDLL value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
Service
MORE INFORMATION
To view the list of services that are running in Svchost:
- From the Windows 2000 installation CD's Support\Tools
folder, Extract the Tlist.exe utility from the Support.cab file.
- On the Start menu, click Run ,
and then type cmd .
- Change folder to the location from which you extracted
the Tlist.exe utility.
- Type tlist -s .
Tlist.exe displays a list of active processes. The
-s switch shows the list of active services in each process.
For more information about the process, type tlist
pid .
The following sample Tlist output shows two instances of Svchost.exe running:
0 System Process
8 System
132 smss.exe
160 csrss.exe Title:
180 winlogon.exe Title: NetDDE Agent
208 services.exe Svcs: AppMgmt,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,LanmanWorkstation,LmHosts,Messenger,
PlugPlay,ProtectedStorage,seclogon,TrkWks,W32Time,Wmi
220 lsass.exe Svcs: Netlogon,PolicyAgent,SamSs
404 svchost.exe Svcs: RpcSs
452 spoolsv.exe Svcs: Spooler
544 cisvc.exe Svcs: cisvc
556 svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
580 regsvc.exe Svcs: RemoteRegistry
596 mstask.exe Svcs: Schedule
660 snmp.exe Svcs: SNMP
728 winmgmt.exe Svcs: WinMgmt
852 cidaemon.exe Title: OleMainThreadWndName
812 explorer.exe Title: Program Manager
1032 OSA.EXE Title: Reminder
1300 cmd.exe Title: D:\WINNT5\System32\cmd.exe - tlist -s
1080 MAPISP32.EXE Title: WMS Idle
1264 rundll32.exe Title:
1000 mmc.exe Title: Device Manager
1144 tlist.exe
The registry setting for the two groupings for this example are as follows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent
Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
rpcss :Reg_Multi_SZ: RpcSs
|