SVCHOST.exe – What is it and why are there so many of them?

2009 May 10
by Andy

I get asked this a lot.  When you run Task Manager in XP and look at the process list, you see tons of svchost.exe processes running.  You can’t kill them (you don’t really want to) and there’s no obvious reason that there are so many of them.

What are they?  Microsoft describes them like this:

“Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).”

Helpful isn’t it?  Simply put, you can’t run a DLL without a host program.  Since Microsoft needs to run lots of different services that are DLL’s, it created a generic host executable to run them – svchost.exe.  There are lots of instances of svchost for a couple of reasons.  First and foremost, redundancy.  If all of the OS DLL’s were under one process alone, if any one of them crashed the host process, the entire operating system would crash.  Second, Microsoft likes to logically group similar services under similar hosts.

So how do you see what’s what?  There are a couple of ways.  In XP, there is a command line utility to view process information.  Run tasklist /SVC from a command line.  The output looks like this:

tasklist1

If you are running Vista or Windows 7, the Task Manager is much more helpful.  You can right click on a svchost process, then choose “Go to Services”.  This will open the services tab and highlight the related services.

There is a great utility called svchost viewer that shows you the services for each svchost process in a nice, easy to read tree view.  Download the program here.  Thanks to HowToGeek for the tip.

svchostviewer

Add to Del.cio.us RSS Feed Add to Technorati Favorites Stumble It! Digg It!
    www.sajithmr.com

No comments yet

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS