Uses for the TaslkList Command Line app in Windows XP SP2

This entry is a very simple explanation of "TaskList /SVC /FO TABLE"

When using Windows Task Manager, I often wonder what some of the .exe files are doing. These are listed under the Image Name column under the Processes tab. But, with Windows XP SP2, if I use the TaskList app from a command line I can see the services that each .exe is associated to.

So for example, from a command line, enter "TaskList /SVC /FO TABLE" so you can get a list formatted in an easy-to-read table with the services associated to each Image Name (and PID).

I enter this on my machine and I get a big list. What I have copied here are just the PID numbers and associated services running under svchost.exe.

svchost.exe 1412 DcomLaunch, TermService
svchost.exe 1516 RpcSs
svchost.exe 1556 AppMgmt, AudioSrv, BITS, CryptSvc, Dhcp,
svchost.exe  dmserver, ERSvc, EventSystem, helpsvc,
svchost.exe  HidServ, Irmon, lanmanserver,
svchost.exe  lanmanworkstation, Netman, Nla, RasMan,
svchost.exe  Schedule, seclogon, SENS, SharedAccess,
svchost.exe  ShellHWDetection, srservice, TapiSrv,
svchost.exe  Themes, W32Time, winmgmt, wuauserv, WZCSVC
svchost.exe 1612 Dnscache
svchost.exe 1836 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe 508 stisvc

Why do I care? Hmmm, curiosity I suppose. And of course, if I feel like killing one of the processes, I'll have a better idea of what I'm doing.
Go ahead and play around with the other options of TaskList and NetStat and you can find out some pretty interesting things with your system. And for you developers, dig into WMI and you can do stuff programmatically based on this same type of info (I think).
If you come up with a similar example, please let me know.

Comments (2)
  1. WTF?? says:

    What is it with stupid people leaving RemoteRegistry service running? How much control do you really want to give a hacker over your registry? Also, if you really don’t know what those services do then don’t kill them. You may find that things don’t work right until you restart your computer.

Comments are closed.

Skip to main content