listing existing windows services with python

Alf P. Steinbach alfps at start.no
Tue Feb 16 08:51:22 EST 2010 

* Tim Golden:
> On 16/02/2010 12:48, Alf P. Steinbach wrote:
>> I just googled the filename from memory, found
>>
>>     <url: http://www.neuber.com/taskmanager/process/wmiprvse.exe.html>
>>
>> Don't know if I've disabled it because invoking wmic didn't produce it.
>>
>> Uh, wait, since it hosts the provider service(s), perhaps...
>>
>> Yes, 'wmic service list brief' which actually retrieves some 
>> information (I
>> guess it can be anything, I remembered this from listing process 
>> command lines)
>> started an [wmprvse.exe] process.
>>
>> It terminated after the query/usage, but as I recall in some cases it 
>> doesn't.
>>
>> I don't know how that works with programmatic access, but it's worth 
>> checking out.
> 
> Thanks. As I understand it, you're not talking about a *service* 
> starting up
> or shutting down; rather a *process* starting up etc., presumably 
> controlled
> by the underlying service?

It doesn't seem to provide ordinary Windows "service"s, but it's a bit unclear 
since e.g. the URL above says


<quote>
Beginning with Windows XP, WMI resides in a shared service host with several 
other services. To avoid stopping all the services when a provider fails, 
providers are loaded into a separate host process named Wmiprvse.exe. Multiple 
instances of Wmiprvse.exe can run at the same time under different accounts: 
LocalSystem, NetworkService or LocalService. The WMI core WinMgmt.exe is loaded 
into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!

Note: The wmiprvse.exe file is located in the folder C:\WINDOWS\System32\Wbem. 
In other cases, wmiprvse.exe is a virus, spyware, trojan or worm! Check this 
with Security Task Manager.
</quote>


Checking for ordinary Windows services:

<example>
C:\test> (wmic service list >nul) & tasklist /svc /fi "imagename eq wmiprvse.exe"

Image Name                   PID Services
========================= ====== =============================================
wmiprvse.exe                1076 N/A

C:\test> _
</example>



> I'll do some further research to see what's going on there.

Cheers,

- Alf (is this off-topic for the group?)

More information about the Python-list mailing list