
Thread: [RESOLVED] CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

  1. #1
    Join Date
    May 2019
    Posts
    35

    [RESOLVED] CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

    I have created a SnapShot of all the processes running by using CreateToolHelp32Snapshot.

    I then iterate through all the processes by using Process32First and Process32Next as detailed in the following article:

    https://docs.microsoft.com/en-us/win...rocess-walking

    However, when I get to any process called "Svchost.exe" I want to be able to see which services that process is hosting and, if possible, its name listed as "Service Host: xxxxxxxx" (where "xxxxxx" is something like 'Local Service' or 'Remote Procedure Call' or whatever... just like it appears in Task Manager).

    How can I see which processes each instance of "SvcHost.exe" is hosting and how can I list them, using win32api function calls?

  2. #2
    Arjay (Moderator / MS MVP Power Poster)
    Join Date
    Aug 2004
    Posts
    13,108

    Re: CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

    Is the task manager capable of listing the processes of svchost.exe?

  3. #3
    Join Date
    May 2019
    Posts
    35

    Re: CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

    Quote: Originally posted by Arjay
    Is the task manager capable of listing the processes of svchost.exe?
    Yes, of course.

    I'm aiming to try to list the Services hosted by each instance of 'SvcHost.exe'. I iterate through each process using Process32First and then Process32Next (called 'Process Walking').

    Whenever I hit one of the many 'SvcHost.exe' processes I'm trying to get its full name (Ex: 'Service Host: Local Service (No Network)' ) and/or, more importantly, the specific services hosted by that 'SvcHost.exe' process.
    Last edited by Arianax; July 7th, 2019 at 11:09 AM.

  4. #4
    Arjay (Moderator / MS MVP Power Poster)
    Join Date
    Aug 2004
    Posts
    13,108

    Re: CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

    Try the undocumented NtQuerySystemInformation function.

  5. #5
    Join Date
    May 2019
    Posts
    35

    Re: CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

    The documentation advises against using that function because it changes with updates to the OS so its functionality cannot be guaranteed.

    I was thinking more along the lines of finding out a surefire way to populate the LPENUM_SERVICE_STATUS_PROCESS struct that's associated with the EnumServicesStatusEx() function.

    If I can allocate the correct amount of memory in EnumServicesStatusEx() function for the LPENUM_SERVICE_STATUS_PROCESS struct then there must be some way I can increment through it using a 'for loop' in order to output the struct for each and every service.

    Problem is I'm not sure how to do that. Memory allocation is eluding me and I don't know how to cause the struct to iterate through each service. So far it just outputs the first service (alphabetically), as so:

    Code:
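    // SCM is assumed to be a handle from OpenSCManager() with SC_MANAGER_ENUMERATE_SERVICE access.
    LPENUM_SERVICE_STATUS_PROCESS service;
    DWORD pcbBytesNeeded = 0, lpServicesReturned = 0, lpResumeHandle = 0;
    
    // First call with no buffer: fails with ERROR_MORE_DATA and reports the size needed.
    // Argument order is service type, then service state.
    EnumServicesStatusEx(SCM, SC_ENUM_PROCESS_INFO, SERVICE_WIN32, SERVICE_ACTIVE, NULL, 0, &pcbBytesNeeded, &lpServicesReturned, &lpResumeHandle, NULL);
    
    DWORD buffer;
    buffer = pcbBytesNeeded;
    
    service = (LPENUM_SERVICE_STATUS_PROCESS) LocalAlloc(LMEM_FIXED, buffer);
    
    // Second call fills the buffer with an array of ENUM_SERVICE_STATUS_PROCESS entries.
    EnumServicesStatusEx(SCM, SC_ENUM_PROCESS_INFO, SERVICE_WIN32, SERVICE_ACTIVE, (LPBYTE)service, buffer, &pcbBytesNeeded, &lpServicesReturned, &lpResumeHandle, NULL);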
    I then output the number of services counted using std::to_wstring(lpServicesReturned).

    Not sure how to proceed from here...

    Trying to iterate through each and every service and output the data contained in SERVICE_STATUS_PROCESS.

    I'm not sure if the LPENUM_SERVICE_STATUS_PROCESS struct contains details for all the services or just the first service. If it only contains details for the first service, how would I write a 'for loop' to populate an ARRAY of LPENUM_SERVICE_STATUS_PROCESS structs to hold data for each and every service..?

    EDIT: Think I've found the answer myself... Please see my reply below..(!!!)
    Last edited by Arianax; July 10th, 2019 at 04:12 PM.

  6. #6
    Join Date
    May 2019
    Posts
    35

    Re: CreateToolHelp32Snapshot and listing Services under Svchost.exe... How to?

    It seems it's far more simple to iterate through the LPENUM_SERVICE_STATUS_PROCESS struct than I previously guessed or grasped...

    I used this code, supplied for those who might also encounter this problem:
    Code:
    for(UINT I = 0; I < lpServicesReturned; I++)
    {
        // service[I] is one ENUM_SERVICE_STATUS_PROCESS entry in the returned array.
        MessageBox(NULL, service[I].lpDisplayName, L"Service Name:", MB_OK);
    }
    That will list each and every running service, one after another, inside a message box on the screen...

    Other functionality can be provided by referencing different parts of the SERVICE_STATUS_PROCESS struct contained within the LPENUM_SERVICE_STATUS_PROCESS struct.
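
The grouping the original question asks for, as an added example that is not code from any poster in this thread: each ENUM_SERVICE_STATUS_PROCESS entry carries ServiceStatusProcess.dwProcessId, which can be matched against the th32ProcessID of a svchost.exe entry from the Process32First/Process32Next walk. SvcRow, PidMap, GroupByPid and QueryServices are hypothetical names, and the non-Windows branch uses constructed sample rows.

```cpp
#include <cstdio>
#include <map>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

struct SvcRow { unsigned long pid; std::wstring name; };  // hypothetical helper type
using PidMap = std::map<unsigned long, std::vector<std::wstring>>;
// Group service names by ServiceStatusProcess.dwProcessId; PID 0 means not running.
PidMap GroupByPid(const std::vector<SvcRow>& rows) {
    PidMap out;
    for (const auto& r : rows)
        if (r.pid != 0) out[r.pid].push_back(r.name);
    return out;
}

std::vector<SvcRow> QueryServices() {
    std::vector<SvcRow> rows;
#ifdef _WIN32
    SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
    if (!scm) return rows;
    std::vector<BYTE> buf;
    DWORD needed = 0, count = 0, resume = 0;
    for (;;) {  // size-then-fetch; resume handle continues after ERROR_MORE_DATA
        BOOL ok = EnumServicesStatusExW(scm, SC_ENUM_PROCESS_INFO, SERVICE_WIN32,
            SERVICE_ACTIVE, buf.empty() ? nullptr : buf.data(), (DWORD)buf.size(),
            &needed, &count, &resume, NULL);
        if (!ok && GetLastError() != ERROR_MORE_DATA) break;
        auto* s = reinterpret_cast<ENUM_SERVICE_STATUS_PROCESSW*>(buf.data());
        for (DWORD i = 0; i < count; ++i)  // copy strings before buf is resized
            rows.push_back({s[i].ServiceStatusProcess.dwProcessId, s[i].lpServiceName});
        if (ok) break;
        buf.resize(needed);
    }
    CloseServiceHandle(scm);
#else
    rows = {{812, L"SvcA"}, {812, L"SvcB"}, {1440, L"SvcC"}, {0, L"Stopped"}};  // constructed
#endif
    return rows;
}

int main() {
    for (const auto& kv : GroupByPid(QueryServices())) {
        std::printf("PID %lu:", kv.first);
        for (const auto& n : kv.second) std::printf(" %ls", n.c_str());
        std::printf("\n");
    }
}
```

On Windows, link against Advapi32.lib.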

  7. #7
    Arjay (Moderator / MS MVP Power Poster)
    Join Date
    Aug 2004
    Posts
    13,108

    Re: [RESOLVED] CreateToolHelp32Snapshot and listing Services under Svchost.exe... How

    Quote: Originally posted by Arianax
    The documentation advises against using that function because it changes with updates to the OS so its functionality cannot be guaranteed.
    I generally agree about not using undocumented APIs, but I make an exception in this case (in fact, NtQuerySystemInformation is the only undocumented API that I have used or recommend using). I've used it since about 1996 and it's unlikely to change since the Windows Task Manager app relies on it.

  8. #8
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,602

    Re: [RESOLVED] CreateToolHelp32Snapshot and listing Services under Svchost.exe... How

    Quote: Originally posted by Arjay
    I've used it since about 1996 and it's unlikely to change since the Windows Task Manager app relies on it.
    Task Manager reliance upon the undocumented API does not guarantee the API immutability. Task Manager is a system app that changes along with the Windows core, and MS is not obliged to keep it working with a core of any other version. Actually, this is what this sort of API warning is really about.

    Besides, while API prototype itself can remain unchanged and seemingly unaffected by the respective core changes, the internal undocumented structures it fetches may change alright. I ran into this sort of situation when Win2k came out and all of a sudden the returned process information structures turned out to be slightly different from WinNT4 ones, first of all in size, so even with minor changes the iteration was broken. After all the years passed I do not clearly remember the details now, but remember the taste of nasty surprise very well.
    Best regards,
    Igor

  9. #9
    2kaud (Super Moderator Power Poster)
    Join Date
    Dec 2012
    Location
    England
    Posts
    6,877

    Re: [RESOLVED] CreateToolHelp32Snapshot and listing Services under Svchost.exe... How

    [Additional question re EnumServiceStatusEx moved to http://forums.codeguru.com/showthrea...d-free-memory]
    All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!

    C++17 Compiler: Microsoft VS2019 (16.3.5)
