locked
How can I tell if the process is a service process using PID? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Is there a way(API) that I can use to tell if the process is a service process if I know the pid of process?

    Thanks in advance.

     

    Thursday, May 20, 2010 9:51 PM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote
    EnumServicesStatusEx can return an ENUM_SERVICE_STATUS_PROCESS for every service on the system. This contains the PID of each returned service that's running.
    Phil Wilson
    • Proposed as answer by Darran Rowe Thursday, May 20, 2010 10:32 PM
    • Marked as answer by Ilho Ye Friday, May 21, 2010 1:47 AM
    Thursday, May 20, 2010 10:17 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    At most you can tell if a process has been registered as a service. Since applications can be created so they can run normally and be registered as a service then there is no way of figuring out if a process is a service, because in the end a service is an executable run by the service control manager which conforms to a certain set of interfaces.
    Any samples given are not meant to have error checking or show best practices. They are meant to just illustrate a point. I may also give inefficient code or introduce some problems to discourage copy/paste coding. This is because the major point of my posts is to aid in the learning process.
    Visit my (not very good) blog at
    http://c2kblog.blogspot.com/
    Thursday, May 20, 2010 10:03 PM
  • Question
    Sign in to vote
    1
    Sign in to vote
    EnumServicesStatusEx can return an ENUM_SERVICE_STATUS_PROCESS for every service on the system. This contains the PID of each returned service that's running.
    Phil Wilson
    • Proposed as answer by Darran Rowe Thursday, May 20, 2010 10:32 PM
    • Marked as answer by Ilho Ye Friday, May 21, 2010 1:47 AM
    Thursday, May 20, 2010 10:17 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Maybe you can use "CreateToolhelp32Snapshot" / "EnumProcessModules" / "GetModuleFileName" ...etc to obtain some Info,and then check it;Or you can also check Reg. table. 

    Thursday, May 20, 2010 10:17 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Phil:

    Interesting, I'll have to remember that myself. There are so many things in Windows which you don't know about or are easy to miss.

    Any samples given are not meant to have error checking or show best practices. They are meant to just illustrate a point. I may also give inefficient code or introduce some problems to discourage copy/paste coding. This is because the major point of my posts is to aid in the learning process.
    Visit my (not very good) blog at
    http://c2kblog.blogspot.com/
    Thursday, May 20, 2010 10:32 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Another way to determine if a PID is a service is to check it's parent PID, and whether that belongs to services.exe.  You can use ToolHelp to iterate processes; one of the fields of the each process info is the parent PID.
     
    -- David
     
    Friday, May 21, 2010 2:15 AM