How to separate out .DLL based services that use a shared generic service host process name (svchost.exe) for troubleshooting…

Have you ever had system resource issues where checking Task Manager in Vista seems to point to an instance of SVCHost.exe? Well, the difficulty here is that multiple dynamic link library (.DLL) based services can be hosted within a single SVChost.exe, and there can be multiple SVCHost.exe open simultaneously. How can we possibly sort out what is running in each generic service host process and then split out the contents of the hosted services to see what may actually be happening?

In Vista, from an Administrator command prompt, you can run the following commands to see what is running in a generic host process:

Tasklist /svc

This will show all the services running, their PID, and if in a Svchost.exe: what services are running shared in a generic svchost.exe. A more specific command to see just what is hosted in svhost.exe's is:

Tasklist /svc /fi "imagename eq svchost.exe"

Take a look at what is running in each host service, and then you can begin splitting these into their own host process to begin to get an idea of who might be doing what. From the same Administrator cmd prompt, type

SC Config <Servicename> Type= own

Note that is a space between the "=" sign and the "own" parameter. This is necessary for the command to work. Then you can check if the item is hosted in its own SVChost.exe by running either of the Tasklist command above again. For example: Tasklist /svc

Now you can monitor to see what is happening to an individual svchost.exe instead of trying to figure which item out of a possible many is impacting the system. When you are done testing, you can return the box to its original state by running:

SC Config <Servicename> Type= share

Thanks! Chris