Services & Processes

Services are a major component of the Windows system. They allow for the creation and management of long-running processes. Windows services can be started automatically at system boot without user intervention.
On the other hand, processes run in the background on Windows systems. They either run automatically or are started by other installed applications.

Service

Service statuses can appear as Running, Stopped, or Paused, and they can be set to start manually, automatically, or on a delay at system boot.

Processes

Processes associated with installed applications can often be terminated. Certain processes are critical and, if terminated, will stop certain components of the OS from running properly.

Service Control Manager

Windows services are managed via the Service Control Manager (SCM) system, accessible via the services.msc MMC add-in.

# == SERVICES ==
# List running services - powershell
Get-Service | ? {$_.Status -eq "Running"}
 
# Filter 'update' from running services - powershell
Get-Service | ? {$_.Status -eq "Running"} | ? {$_.Name -like "*update*"}
 
# List running services - powershell alternative
Get-Service | Where Status -eq Running
 
# List running services - SC
sc query
 
# Query service over the network - SC
sc \\$IP qc ServiceName
 
# List running services - WMIC
wmic service where (state="running") get caption,name,state
 
# == PROCESSES ==
# List running processes - CMD
tasklist /svc | findstr lsass
 
# List running processes - powershell
Get-Process lsass

Microsoft Document

Get-Service

Sc.exe query

WMIC

Critical System Services

In Windows, there are some critical system services that cannot be stopped and restarted without a system restart. If you update any file or resource in use by these services, to apply changes the system needs to restart.

List of Microsoft components.

Process Description
smss.exe Session Manager Subsystem - Handles sessions on the system
csrss.exe Client Server Runtime Process - User-mode portion of Windows subsystem
wininit.exe Processes .ini files for changes after program installation
logonui.exe Facilitates user login to PC
lsass.exe Local Security Authentication Server - Verifies user logons
services.exe Manages starting and stopping services
winlogon.exe Handles secure attention sequence, user profiles, and screen locking
System Background system process running the Windows kernel
svchost.exe (RPCSS) Manages DLL-based services using Remote Procedure Call Service
svchost.exe (Dcom/PnP) Manages DLL-based services using DCOM and Plug and Play

☠️ ζHUB

Explorer

Services & Processes

Explorer

Backlinks

Process	Description
`smss.exe`	Session Manager Subsystem - Handles sessions on the system
`csrss.exe`	Client Server Runtime Process - User-mode portion of Windows subsystem
`wininit.exe`	Processes .ini files for changes after program installation
`logonui.exe`	Facilitates user login to PC
`lsass.exe`	Local Security Authentication Server - Verifies user logons
`services.exe`	Manages starting and stopping services
`winlogon.exe`	Handles secure attention sequence, user profiles, and screen locking
`System`	Background system process running the Windows kernel
`svchost.exe (RPCSS)`	Manages DLL-based services using Remote Procedure Call Service
`svchost.exe (Dcom/PnP)`	Manages DLL-based services using DCOM and Plug and Play