Best program to see what svchost and rundll32 are doing?

#1
01-19-2006
Vigilante
TechSpot Paladin
Location: Arizona, USA
Member since: Dec 2004, 2,114 posts

Hey guys, what do you use to see what modules are loaded by rundll32 and svchost?

Because these 2 things are just containers for other things, I need the best way to see what the actual program running is.

For example, let's say you have a plain old computer that, as far as you know, is not infected with anything and is clean. BUT, here is rundll32 in task manager, and when you close it, it comes right back. And if you wait long enough, you may get more than one copy running.

In my experience, I know various parts of Windows that use rundll32, and when I close the process, so closes the thing I'm running. But in this case, nothing closes, but rundll32 comes right back.

So what do you use to see what process is behind this? I've used a program called Prcvr but it is slightly cryptic.

#2
01-20-2006
Nodsu
TS Special Forces
Location: Estonia
Member since: Feb 2002, 9,430 posts
You want the Process Explorer utility from Sysinternals. Enable lower pane and tell it to show DLLs. The tooltip tells you the exact library file path.

#3
01-20-2006
Vigilante
TechSpot Paladin
Location: Arizona, USA
Member since: Dec 2004, 2,114 posts
I believe that is the one I use. Didn't know there was a lower pane.

I'll check it out again. thx

#4
02-01-2006
Vigilante
TechSpot Paladin
Location: Arizona, USA
Member since: Dec 2004, 2,114 posts
The Sysinternals tool is alright, I can browse through all the modules and see the bad ones running. But that doesn't help much in figuring out which program runs which module.
If I right-click the programs one by one by one and view modules, the one I seek is not there. But when I view all the modules, it is there.

The program is good, but hardly a quick and dirty way.

I'm still interested to know if there are any utilities where I could see what is running, view the modules under it. As you know, there can be upwards of 3 to 5 or so SVCHOST.exe running even in Safe Mode. Some can be stopped but if you stop the wrong one the system will restart.
It is just annoying because I can SEE the "bad" dll running, but still have no way to stop it.

#5
02-01-2006
iss
TechSpot Chancellor
Member since: Nov 2002, 2,897 posts
Current Process, a freeware tool by NirSoft, may be what you are looking for.

http://www.nirsoft.net/utils/cprocess.html

Another useful tool is a freeware tool by MST software, "IsUsedBy"

http://www.mstsoftware.com/c_mst_IsUsedBy.aspx
Reply With Quote
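
The following PowerShell script is an added example, not posted by anyone in this thread. It ties each svchost.exe and rundll32.exe instance to its command line, parent process, hosted services and any loaded DLL whose path matches a name, using the built-in Get-CimInstance and Get-Process cmdlets; `$DllPattern` and its value are placeholders to replace with the DLL being investigated.

```powershell
# Added example: show what each svchost.exe / rundll32.exe instance is hosting.
# Run from an elevated prompt; protected processes can still refuse module access.

# Placeholder value: substring of the DLL file name you are looking for.
$DllPattern = 'example-suspect'

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$containers = Get-CimInstance Win32_Process `
    -Filter "Name = 'svchost.exe' OR Name = 'rundll32.exe'"

$report = foreach ($p in $containers) {
    $procId = [int]$p.ProcessId

    # The parent is what (re)launched the process, e.g. a rundll32 that
    # reappears after being closed. A parent that has exited is reported as such.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $parentText = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" }
                  else { "exited ($($p.ParentProcessId))" }

    # Loaded modules matching the pattern; left empty when access is denied.
    $matched = @()
    try {
        $matched = @((Get-Process -Id $procId -ErrorAction Stop).Modules |
            Where-Object { $_.FileName -like "*$DllPattern*" } |
            ForEach-Object { $_.FileName })
    } catch { }

    [pscustomobject]@{
        ProcessId   = $procId
        Name        = $p.Name
        Parent      = $parentText
        # rundll32: the DLL and entry point appear here; svchost: the -k group.
        CommandLine = $p.CommandLine
        Services    = ($servicesByPid["$procId"].Name -join ', ')
        MatchedDlls = ($matched -join '; ')
    }
}

$report | Sort-Object Name, ProcessId | Format-List
```

A row with a non-empty `MatchedDlls` names the container process that has the DLL loaded, and its `Services` column lists what would stop along with that svchost.exe instance.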