Once upon a time, it was fairly challenging to determine which services were running in an individual svchost.exe process. Today, with Process Explorer, there’s nothing easier – just hover over the svchost.exe process and you get a list of services, or double-click an svchost.exe process and go to the Services tab:
data:image/s3,"s3://crabby-images/cfae2/cfae2e7ff3e5ddbf38eed96d0ff6333e53fb4379" alt="Inline image 1"
data:image/s3,"s3://crabby-images/cfae2/cfae2e7ff3e5ddbf38eed96d0ff6333e53fb4379" alt="Inline image 1"
A similar problem arises with user-mode drivers (UMDF). User-mode drivers are DLLs (COM-based in UMDF 1.x) loaded into WUDFHost.exe processes, and a single WUDFHost.exe process may host more than one user-mode driver. Process Explorer does not help in identifying which user-mode drivers are loaded into a given WUDFHost.exe process: you can look at the list of DLLs and try to pick out the ones that are drivers, but a more reliable method is desirable. One option is to look at the list of threads inside the process and identify the command threads that belong to UMDF drivers, such as this one:
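A scriptable way to get the same answer, added here as an example that is not part of the original post: instead of guessing from the DLL list, cross-reference the modules loaded in each WUDFHost.exe process with the UMDF driver registrations in the registry. The script assumes that UMDF drivers are registered as subkeys of HKLM\SYSTEM\CurrentControlSet\Control\WUDF\Services, each carrying an ImagePath value that names the driver DLL; the function name Get-UmdfDriverHost is my own.

```powershell
# Added example, not code from the original post.
# Maps UMDF driver DLLs to the WUDFHost.exe processes that currently host them.
# Assumption: UMDF drivers are registered under
#   HKLM\SYSTEM\CurrentControlSet\Control\WUDF\Services\<ServiceName>
# with an ImagePath value such as \SystemRoot\system32\drivers\umdf\foo.dll.
# Run from an elevated prompt: WUDFHost.exe runs as LOCAL SERVICE, and the
# module list of a process can only be read with sufficient access.
function Get-UmdfDriverHost {
    [CmdletBinding()]
    param()

    $wudfKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\WUDF\Services'

    # Lookup table: driver DLL file name (lower-case) -> UMDF service name.
    $umdfDrivers = @{}
    foreach ($svc in (Get-ChildItem -Path $wudfKey -ErrorAction Stop)) {
        $imagePath = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if ($imagePath) {
            # Only the file name is needed to match against loaded modules.
            $umdfDrivers[[IO.Path]::GetFileName($imagePath).ToLowerInvariant()] = $svc.PSChildName
        }
    }

    $hostProcesses = @(Get-Process -Name WUDFHost -ErrorAction SilentlyContinue)
    if ($hostProcesses.Count -eq 0) {
        Write-Verbose 'No WUDFHost.exe processes are running.'
        return
    }

    foreach ($p in $hostProcesses) {
        # Reading .Modules fails on access denied, or when a 64-bit PowerShell
        # inspects a 32-bit host (and vice versa); report and move on.
        try {
            $modules = $p.Modules
        } catch {
            Write-Warning ("PID {0}: cannot enumerate modules ({1})" -f $p.Id, $_.Exception.Message)
            continue
        }

        $matched = $false
        foreach ($m in $modules) {
            $name = $m.ModuleName.ToLowerInvariant()
            if ($umdfDrivers.ContainsKey($name)) {
                $matched = $true
                [pscustomobject]@{
                    HostPid = $p.Id
                    Service = $umdfDrivers[$name]
                    Module  = $m.FileName
                }
            }
        }

        if (-not $matched) {
            # A host with no registered driver DLL loaded is worth a second look:
            # either the driver is not registered under the WUDF key, or
            # something other than a UMDF driver is living in this process.
            [pscustomobject]@{ HostPid = $p.Id; Service = '(none matched)'; Module = $null }
        }
    }
}

# Usage: one row per (host process, driver) pair.
Get-UmdfDriverHost | Sort-Object HostPid, Service | Format-Table -AutoSize
```

The registry table is the ground truth here: a DLL that is loaded into WUDFHost.exe but not registered as a UMDF service is not a user-mode driver, which is exactly the distinction that eyeballing the DLL list in Process Explorer cannot make. If a host process shows no matched driver at all, compare its command line (the -HostGUID and related switches) and its thread list, as described above, before assuming it is benign.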