问题描述
我一直试图找出Windows中是否有办法唯一地识别svchost.exe背后的进程。
I have been trying to find out if there is a way in windows to uniquely identify a process behind svchost.exe .
确定在svchost下运行的服务,我使用命令
tasklist / svc / fi" imagename eq svchost.exe"
To determine the services that are running under svchost , I use the command, tasklist /svc /fi "imagename eq svchost.exe"
该命令的结果是例如
图像名称               PID     服务
Image Name PID Services
========================= ======== ===== =======================================
========================= ======== ============================================
svchost.exe的                    784      Dnscache,CryptSvc,TapiSrv,TermService
svchost.exe 784 Dnscache, CryptSvc, TapiSrv , TermService
svchost.exe      864      RpcEptMapper,RpcSs
svchost.exe 864 RpcEptMapper, RpcSs
svchost.exe    936      AudioSrv,Dhcp,eventlog,HomeGroupProvider,lmhosts,wscsvc
svchost.exe 936 AudioSrv, Dhcp, eventlog, HomeGroupProvider, lmhosts, wscsvc
因此对于进程ID 784,我有4个服务正在运行。 Dnscache,CryptSvc,TapiSrv,TermService。
So for process ID 784, I have 4 services running. Dnscache, CryptSvc, TapiSrv , TermService.
我使用 EnumServicesStatusEx windows API来获取此信息。
I have used the EnumServicesStatusEx windows API to get this information.
我有一个网络驱动程序,通过打开tcp / udpports,当机器中的某个进程尝试在机器外部进行通信时,会向我提供信息。 例如,对于进程ID 784,我收到svchost尝试通过端口53访问Internet
的通知。(这是dns端口)。这是因为作为Windows的DnsClient的Dnscache在端口53上工作。
I have a network driver that gives me information when a particular process in a machine is trying to communicate outside the machine by opening tcp / udpports . For example for process ID 784 I get a notification that svchost is trying to access internet over port 53. (which is dns port). It is because Dnscache which is a DnsClient for windows works on port 53.
是否有任何win32例程允许我获取此类信息?我想确定一个流程,而不是确定一组流程。
Is there any win32 routine that allows me to get such kind of information ? I wanted to pinpoint a process instead identifying a group of processes.
推荐答案
这篇关于识别svchost.exe背后的实际进程而不是一组进程。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!