listing existing windows services with python
Alf P. Steinbach
alfps at start.no
Tue Feb 16 14:51:22 CET 2010
* Tim Golden:
> On 16/02/2010 12:48, Alf P. Steinbach wrote:
>> I just googled the filename from memory, found
>> <url: http://www.neuber.com/taskmanager/process/wmiprvse.exe.html>
>> Don't know if I've disabled it because invoking wmic didn't produce it.
>> Uh, wait, since it hosts the provider service(s), perhaps...
>> Yes, 'wmic service list brief' which actually retrieves some
>> information (I
>> guess it can be anything, I remembered this from listing process
>> command lines)
>> started an [wmprvse.exe] process.
>> It terminated after the query/usage, but as I recall in some cases it
>> I don't know how that works with programmatic access, but it's worth
>> checking out.
> Thanks. As I understand it, you're not talking about a *service*
> starting up
> or shutting down; rather a *process* starting up etc., presumably
> by the underlying service?
It doesn't seem to provide ordinary Windows "service"s, but it's a bit unclear
since e.g. the URL above says
Beginning with Windows XP, WMI resides in a shared service host with several
other services. To avoid stopping all the services when a provider fails,
providers are loaded into a separate host process named Wmiprvse.exe. Multiple
instances of Wmiprvse.exe can run at the same time under different accounts:
LocalSystem, NetworkService or LocalService. The WMI core WinMgmt.exe is loaded
into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!
Note: The wmiprvse.exe file is located in the folder C:\WINDOWS\System32\Wbem.
In other cases, wmiprvse.exe is a virus, spyware, trojan or worm! Check this
with Security Task Manager.
Checking for ordinary Windows services:
C:\test> (wmic service list >nul) & tasklist /svc /fi "imagename eq wmiprvse.exe"
Image Name PID Services
========================= ====== =============================================
wmiprvse.exe 1076 N/A
> I'll do some further research to see what's going on there.
- Alf (is this off-topic for the group?)
More information about the Python-list