PROBLEM: Critical service stops functioning on WinSvr after 10 min, but does not hang.

TWIST: Stop attempts fail. And its SVCHOST is shared by other services.

BANDAID:
1.) Set service to run under isolated SVCHOST with sc.exe.
2.) Schedule script to get service PID and force kill.
Expertise is knowing how to chain all your stupid ideas together correctly.
Should I subject 330,000 people to an explanation of the involved Windows subsystems and solution in an exhaustive thread?
This is massively simplified and even reductively wrong, but it should give you a good idea.

Several stages into the Windows boot, it needs to start running subsystems that provide services that are separated out from the core. Like printing and what remembers DNS lookup replies.
This is managed by Service Control Manager. However, most of those are not EXEs. They are bundles of code that don't implement their own process, they're designed to load into SVCHOST. Yes, it's hosting services - that's the explanation you're welcome.
But why is it like this?
Two main reasons
1.) Services implement specific calls to cleanly and programmatically start, stop, and do regular check-ins to ring a bell and show they're still working and not mindlessly stuck. Some can't be fixed, but most are health monitored and just restarted if they fail.
Okay there's three reasons
2.) There are code running concepts in Windows: Threads, and the containers that hold them called processes. Processes have significantly more overhead and if you trust the code, consolidating it into one process reduces resource use – critical in the past.
Sorry 4 wait also hacking the planet
3.) 3rd is to separate services into different access tiers. Some services don't need to contact internet, so why allow them if they get hacked? Service process can group code into least-privileged roles to reduce permissions/abilities.
Possible for services to refuse to close because they don't respond to command. They're assumed critical so you're stuck killing EXE.

..But SVCHOST.EXE can host multiple critical services in same permissions tier. So you can't just kill EXE.

So set flag must run in own SVCHOST.
Obviously you can't just kill SVCHOST, you have tons of them. So you need Process ID number. But how to find right one? SC.EXE QUERY gives it, but a pain to parse results for #.
Sad, PowerShell doesn't give the PID in response at all so you can't cleanly find it.

But...
Something has come up. Continue tomorrow!
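
The two BANDAID steps as a script, added here as an example and not taken from the thread: it reads the service's PID from the `Win32_Service` CIM class instead of parsing `sc.exe` output, and refuses to kill a process that still hosts other services. `ExampleSvc` and the `-Isolate` switch are assumed placeholder names.

```powershell
# Added example, not the thread author's script.
# 'ExampleSvc' is a placeholder; pass the real service name (not the display name).
param(
    [string]$ServiceName = 'ExampleSvc',
    [switch]$Isolate   # hypothetical switch: run once to apply step 1
)

if ($Isolate) {
    # Step 1: make the service run in its own svchost.exe.
    # sc.exe needs the space after "type="; the change applies at the next service start.
    sc.exe config $ServiceName type= own
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe config failed with exit code $LASTEXITCODE"
    }
    return
}

# Step 2: find the PID of the process hosting the service.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    throw "Service '$ServiceName' not found"
}

$svcPid = $svc.ProcessId   # 0 means the service has no running process
if ($svcPid -eq 0) {
    Write-Output "$ServiceName is not running; nothing to kill"
    return
}

# Guard: if isolation has not taken effect yet, other services still share this PID.
$shared = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$svcPid" |
    Where-Object { $_.Name -ne $ServiceName }
if ($shared) {
    $names = ($shared.Name -join ', ')
    throw "PID $svcPid also hosts: $names. Refusing to kill a shared SVCHOST."
}

# Force kill only the isolated host process.
Stop-Process -Id $svcPid -Force
Write-Output "Killed PID $svcPid hosting $ServiceName"
```

Run it elevated, once with `-Isolate` and then on a schedule without it; whether the service comes back depends on its recovery settings or a later start, which the thread does not cover.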

Remember don't become me or you will die alone graced without investigation or real obituary because you will have been so successful in un-attributing any success in life from your own name in a pathetic attempt at insulation from pain.
You can follow @SwiftOnSecurity.