Finding process name or pid shown in windows

Hello All, 

If you're interested in the story, read below. Otherwise, just jump to the end of the post. 

Story: 

Sometimes my computer goes crazy with Windows Update. I tried to turn it off with "services.msc", but couldn't close it. So I did some research online and found that it's triggered by Update Orchestration, Task Scheduler and Windows Update. I also checked that all three processes are triggered by svchost.exe.


So, I tried to make a script to close this process. I found some useful functions ProcessList and _ProcessGetName using the help documents and coded something as below: 

#include <MsgBoxConstants.au3>
#include <Process.au3>

Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    $iPid = $aProcessList[$i][1]
    $sName = _ProcessGetName($iPid)
    MsgBox($MB_SYSTEMMODAL, "The process", "PID: " & $iPid & @CRLF & "NAME: " & $sName)
    If $sName = "svchost.exe" Then
        ;ProcessClose($iPid) ;I don't know if this is the process I want to close
    EndIf
Next

But the problem is, there are so many svchost.exe entries in the process list. I can't close all of them; some of them are essential to run Windows (well, I accidentally terminated some of them and ended up with a blue screen :( )

---------------

Well, how can I know the process name like "Service Host: Update Orchestration" (not the svchost)?

It's not only with the .exe file, just to the name shown in Windows. 

TY.

Link to comment
Share on other sites

Use the WMI approach with Win32_Service. There is a method to stop or even delete the service. Search the AutoIt site; there are multiple examples of using WMI programmatically.

 

Link to comment
Share on other sites

I modified as below: 

#include <WinAPIProc.au3>
$iPid = 9584
$sName = _WinAPI_GetProcessName($iPid)
ConsoleWrite($sName & @CRLF)

;But this returns me only --> svchost.exe

I also used "sc query" in cmd to find the list of processes. 

How can I obtain PID from Service Name or Display Name? 

Or how can I obtain Service Name or Display Name from PID?

TY.

Link to comment
Share on other sites

I did not test it, but running WMI on the caption of the "Windows Update" service, I got the following description:

Quote

Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.

Seems to me that it is possible to deactivate that service.

Link to comment
Share on other sites

Because so many disable it in Win7 (which is a horrible idea) is why MS decided enough is enough. EVERYONE must receive regular updates to stay as secure as possible.

Windows Enterprise and Windows server always allow you to manually turn off and completely disable auto updating. Windows 10 education might also let you? Not sure. But we don't own the software, it's provided as a SERVICE by MS to us thru licensing. We must live with their final decisions in the end and adapt.

I do not condone the practice, even with Win7, of disabling the updates. It's a horrible idea considering all the dangers you face online out there. Even Linux distros are always updated and now have auto update available (though I think they should enforce it as well).

 

Windows 10 installs so fast off a USB anyway, even on my Craptop computer (A6 powered AMD, lol) it takes only about 8 minutes to install! So if an update hoses you (you should always have your data backed up) you can format and reinstall in under 10 minutes. All my data is in MS cloud so I never lose anything. I just had to install latest Windows after Malwarebytes screwed me (my A6 just can't handle that program, too CPU intensive and this is a 200 notebook, lol)

Edited by Earthshine

My resources are limited. You must ask the right questions

 

Link to comment
Share on other sites

To the Original Poster (OP) of this thread:

1. How old is the install of Windows?

2. Can you post a screenshot of your installed programs?

 

If all else fails to get your PC under control, try the following:

  1. You should back up your data to a HDD and cloud, then create a Win10 boot USB from the MS Windows 10 Creation tool
  2. Create a bootable USB or DVD and boot to it
  3. Choose Custom Install and delete all your partitions on the main drive
  4. Install fresh and clean and then be careful not to install junkware or other things that can slow you down
  5. Let it update normally
  6. Don't tweak anything, Win10 knows all the proper drivers and everything you need (Win10 knows the proper drivers for just about everything out there)
  7. You MAY have to install graphics drivers from your video card manufacturer depending on what card you have

BTW, I just installed latest Win10 yesterday and now my anemic notebook is a little screamer again. Malwarebytes somehow corrupted my profile, lol

My last install lasted for years now, but I had to go install Malwarebytes (only to find nothing, lol) and ruin my profile.

 

Edited by Earthshine


Link to comment
Share on other sites

Hi, this is the computer information: 


About the installed programs, there are many, can't screenshot all of them one by one. Also cannot make a fresh Windows install. 

------------------------

I think computer specs are not the problem here. If I run "sc query" as I wrote in the above post, I can get SERVICE_NAME and DISPLAY_NAME values. Using these, how can I know the PID for each of them? Look at my code below (just copied from help files and modified a little bit).

#include <MsgBoxConstants.au3>
#include <Process.au3>

Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    $iPid = $aProcessList[$i][1]
    $sName = _ProcessGetName($iPid)
    MsgBox($MB_SYSTEMMODAL, "The process", "PID: " & $iPid & @CRLF & "NAME: " & $sName)
    If $sName = "svchost.exe" Then
        ;ProcessClose($iPid)
        ;I don't know if this is the process I want to close
        ;Because there are so many svchost running
        ;How can I be sure that this PID for svchost is related to Update Orchestration?
    EndIf
Next

Using this script, I can get the list of svchosts. But there are so many running in the system, I can't terminate all of them. I just want to terminate a specific one (that is Update Orchestration).

Again: Please don't focus on the Windows Update case. The question is: I have a list of services and display names. How can I know the PID for these? It's just like; okay there is an application running (which I can see in the task manager) then right click on it and "Go to details", then I can find the PID. How can I find the PID from service name (or finding service name from PID)? @Nine asked me to check some WMI, but I couldn't manage to get PID and service / display name mapping...

 

TY.

Link to comment
Share on other sites

Here's your Christmas gift early ;)

#include <Constants.au3>
#include <Array.au3>

Opt("MustDeclareVars", 1)

_CheckService()

Func _CheckService()
  Local $objWMIService = ObjGet("winmgmts:\\" & @ComputerName & "\root\CIMV2")
  Local $colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_Service WHERE State = "Running"')
  If Not IsObj($colItems) Then Exit MsgBox(0, "", "Not an object")
  If Not $colItems.count Then Exit MsgBox(0, "", "Service not found")
  Local $aService[$colItems.count][4], $i = 0
  For $sItem In $colItems
    $aService[$i][0] = $sItem.Caption
    $aService[$i][1] = $sItem.PathName
    $aService[$i][2] = $sItem.ProcessId
    $aService[$i][3] = $sItem.Name
    $i += 1
  Next
  _ArrayDisplay ($aService)
EndFunc   ;==>_CheckService

HoHoHo !

Edited by Nine
Link to comment
Share on other sites
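
Both lookups asked about in this thread (PID from a service name, and service names from a PID), as an added example that is not from any poster: it filters the same Win32_Service class instead of listing everything. The helper names `_ServiceQuery` and `_WqlEscape` are hypothetical, `wuauserv` is assumed as the sample service name, and 9584 is the PID quoted earlier in the thread.

```autoit
#include <Array.au3>

Opt("MustDeclareVars", 1)

; Forward lookup: service name -> PID. ProcessId is 0 when the service is stopped.
Local $aByName = _ServiceQuery("Name = '" & _WqlEscape("wuauserv") & "'")
If @error Then Exit MsgBox(0, "Service lookup", "Lookup failed, error " & @error)
ConsoleWrite($aByName[0][1] & " -> PID " & $aByName[0][2] & " (" & $aByName[0][3] & ")" & @CRLF)

; Reverse lookup: every service hosted inside one svchost.exe process.
Local $aByPid = _ServiceQuery("ProcessId = " & Int(9584))
If @error Then Exit MsgBox(0, "PID lookup", "No service is hosted in that PID")
_ArrayDisplay($aByPid, "Services sharing PID 9584")

; Returns a 2D array [n][4] = Name, DisplayName, ProcessId, State for a WQL filter.
; @error: 1 = WMI unavailable, 2 = query failed, 3 = no matching service.
Func _ServiceQuery($sWhere)
    Local $oWMI = ObjGet("winmgmts:\\.\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, 0)
    Local $colItems = $oWMI.ExecQuery("SELECT Name, DisplayName, ProcessId, State " & _
            "FROM Win32_Service WHERE " & $sWhere)
    If Not IsObj($colItems) Then Return SetError(2, 0, 0)
    Local $iCount = $colItems.Count
    If $iCount = 0 Then Return SetError(3, 0, 0)
    Local $aOut[$iCount][4], $i = 0
    For $oSvc In $colItems
        $aOut[$i][0] = $oSvc.Name
        $aOut[$i][1] = $oSvc.DisplayName
        $aOut[$i][2] = $oSvc.ProcessId
        $aOut[$i][3] = $oSvc.State
        $i += 1
    Next
    Return $aOut
EndFunc   ;==>_ServiceQuery

; Escapes backslashes and single quotes so a name cannot break out of the WQL string literal.
Func _WqlEscape($sValue)
    Return StringReplace(StringReplace($sValue, "\", "\\"), "'", "\'")
EndFunc   ;==>_WqlEscape
```

When the reverse lookup returns more than one row, that svchost.exe is a shared host, and anything done to the process affects every service listed.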
