Wednesday, December 15, 2010

[Weak Current College] An in-depth look at the two most confusing Windows processes



This article focuses on the Svchost.exe and Explorer.exe processes. Both are important Windows system processes; here we look at their characteristics and how they are used on various versions of the operating system.

Explorer.exe

In the Windows family of operating systems, a process named Explorer.exe is started at run time. This process is mainly responsible for displaying the desktop icons and the taskbar, and it has different uses on different systems.

Explorer in Windows 9x

In Windows 9x, this process is required while the system is running. If you end the Explorer.exe process with the "End Task" method, the system refreshes the desktop and updates the registry. We can therefore use this method to update the registry quickly. The method is as follows:

Press Ctrl + Alt + Del to bring up the "End Task" dialog box. In the dialog, select the "Explorer" option and then click the "End Task" button; the "Shut Down Windows" dialog box appears. Click the "No" button. After a moment another dialog box appears, telling you that the program is not responding and asking whether to end the task. Click the "End Task" button; the registry is updated and you return to the Windows 9x environment. Isn't this more convenient than the cumbersome process of restarting?

Explorer in Windows 2000/XP

In Windows 2000/XP and other systems built on the Windows NT kernel, the Explorer.exe process is not required while the system is running, so you can end it with Task Manager without affecting the system's functioning. First open the programs you need, such as Notepad. Then right-click the taskbar and select "Task Manager", select the "Processes" tab, select the Explorer.exe process in the window and click the "End Process" button. Everything on the desktop except the wallpaper (the Active Desktop wallpaper) disappears, including all icons and the taskbar. At this point you can still do everything as usual.

What if you want to run other software, but the desktop is now empty? Don't worry, there are two ways to open other software:

The first method: press Ctrl + Alt + Del to bring up the "Windows Security" dialog box and click the "Task Manager" button (or press Ctrl + Shift + Esc). In the Task Manager window, select the "Applications" tab and click "New Task"; in the "Create New Task" dialog box that pops up, enter the path and name of the software you want to open.

You can also work from software that is already running: select "File → Open", and in the "Open" dialog box click the "File type" drop-down list and select "All files". Then navigate to the software you want to open, right-click it and choose the "Open" command on the shortcut menu to start the software you need. Note that you cannot click the "Open" button to open the software. This method applies to most software, except the Office series.

Ending the Explorer.exe process also reduces the system's memory usage by around 4520 KB, which will undoubtedly speed up the system and free valuable space for users who are short on resources.

Svchost.exe

Svchost.exe is a very important process on NT-kernel systems and is indispensable on 2000 and XP. Many viruses and Trojans also make use of it. An in-depth understanding of this program is therefore one of the required courses for anyone working with computers.

Everyone is familiar with the Windows operating system, but have you paid attention to the "Svchost.exe" file? A careful reader will find multiple "Svchost" processes in Windows (press Ctrl + Alt + Del to open Task Manager and look at the "Processes" tab). Why is that? Here we clear up the mystery.

In the family of operating systems based on the Windows NT kernel, different versions of Windows have different numbers of "Svchost" processes, and users can see how many there are with Task Manager. Generally speaking, Win2000 has two Svchost processes and WinXP has four or more (so when you see more than one such process, do not immediately conclude that the system has a virus), and Win2003 Server has even more. The Svchost processes provide many system services, such as the RpcSs service (Remote Procedure Call), the dmserver service (Logical Disk Manager), the Dhcp service (DHCP Client), and so on.

If you want to know which system services each Svchost process provides, enter the "tlist -s" command in a Win2000 command prompt window; this command is provided by the Win2000 Support Tools. On WinXP, use the "tasklist /svc" command.

Svchost can contain multiple services

Windows system processes are divided into two kinds: independent processes and shared processes. The "Svchost.exe" file lives in the "%systemroot%\system32" directory and is a shared process. As the number of Windows system services kept growing, Microsoft made many services start in shared mode through the Svchost.exe process in order to save system resources.

But the Svchost process acts only as a service host and does not implement any service functionality itself. That is, it only provides the conditions for other services to be started here, and it does not provide any service to the user. So how are these services implemented?

These system services are in fact implemented as dynamic-link libraries (DLLs). They point their executable program to Svchost, and Svchost calls the corresponding service's dynamic-link library to start the service. So how does Svchost know which dynamic-link library to call for a given system service? This is determined by the parameters set for the system service in the registry.

As can be seen from the startup parameters, the service depends on Svchost to start.

Because the Svchost process starts a variety of services, viruses and Trojans also try to exploit it, using its characteristics to confuse users and achieve their goals of infection, intrusion and destruction. But since multiple Svchost processes are normal on Windows, which one on an infected machine is the virus process? Here is one example to illustrate.

Assume a Windows XP system is infected with a virus. The legitimate Svchost file lives in the "c:\Windows\system32" directory; if you find the file in any other directory, be careful. In this example the virus lives in the "c:\Windows\system32\Wins" directory, so viewing the executable paths of the Svchost processes with a process manager makes it easy to see that the system is infected.

The Task Manager that comes with Windows cannot show the path of a process, so you can use third-party process management software. These tools make it easy to view the executable path of every Svchost process; any instance whose executable path is in an unusual location should be detected and dealt with immediately.
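The path check described above, as an added example that is not part of the original post: it joins a "tasklist /svc" listing with a per-process path export and flags any svchost.exe that does not run from the system32 directory. The function names, the sample data, the CSV column names and the C:\WINDOWS system root are assumptions made for the illustration.

```python
import csv
import io
import ntpath

# Constructed sample in the shape of `tasklist /svc /fo csv` (English headers assumed).
TASKLIST_SVC = '''"Image Name","PID","Services"
"svchost.exe","884","DcomLaunch,TermService"
"svchost.exe","952","RpcSs"
"svchost.exe","1044","Dhcp,dmserver"
"svchost.exe","1660","N/A"
"svchost.exe","1720","N/A"
"notepad.exe","2012","N/A"
'''

# Constructed sample: CSV export of Name, ProcessId and ExecutablePath per process.
PROCESS_PATHS = r'''Name,ProcessId,ExecutablePath
svchost.exe,884,C:\WINDOWS\system32\svchost.exe
svchost.exe,952,c:\windows\System32\SVCHOST.EXE
svchost.exe,1044,C:\WINDOWS\system32\svchost.exe
svchost.exe,1660,C:\WINDOWS\system32\Wins\svchost.exe
svchost.exe,1720,
notepad.exe,2012,C:\WINDOWS\system32\notepad.exe
'''

def norm(path):
    """Windows paths are case-insensitive, so normalise before comparing."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def audit_svchost(tasklist_csv, paths_csv, system_root=r"C:\WINDOWS"):
    """Return (pid, verdict, path, services) for every svchost.exe process."""
    # Assumed system root; on a live machine use the value of %SystemRoot%.
    expected = norm(ntpath.join(system_root, "system32", "svchost.exe"))
    services = {row["PID"]: [s.strip() for s in row["Services"].split(",")]
                for row in csv.DictReader(io.StringIO(tasklist_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(paths_csv)):
        if row["Name"].lower() != "svchost.exe":
            continue
        path = (row["ExecutablePath"] or "").strip()
        if not path:
            verdict = "unknown"      # path not readable: check again with more privilege
        elif norm(path) == expected:
            verdict = "ok"
        else:
            verdict = "suspicious"   # svchost.exe running from outside system32
        findings.append((int(row["ProcessId"]), verdict, path,
                         services.get(row["ProcessId"], [])))
    return findings

if __name__ == "__main__":
    print(*audit_svchost(TASKLIST_SVC, PROCESS_PATHS), sep="\n")
```

An "unknown" verdict is kept separate from "ok" on purpose: a process whose path cannot be read has not been cleared.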
