Windows Services from command line & Findstr: the Windows’ “grep”

Posted by Dmitrij Ivanov on February 3, 2011

If you need to interact with Windows services and get detailed information about them from the command line, you can dig into the SC command. SC has more options, but I’ll show you just a few of them. If you want more, I invite you to read the related help documentation. So let’s start.

Show all active services. The “active” status is shown by default.

c:\>sc query

...
NOME_SERVIZIO    : uCamMonitor
NOME_VISUALIZZATO: CamMonitor
        TIPO                   : 10  WIN32_OWN_PROCESS
        STATO                  : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)
        CODICE_USCITA_SERVIZIO : 0  (0x0)
        PUNTO_CONTROLLO          : 0x0
        INDICAZIONE_ATTESA     : 0x0

NOME_SERVIZIO    : WSearch
NOME_VISUALIZZATO: Windows Search
        TIPO                   : 10  WIN32_OWN_PROCESS
        STATO                  : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)
        CODICE_USCITA_SERVIZIO : 0  (0x0)
        PUNTO_CONTROLLO          : 0x0
        INDICAZIONE_ATTESA     : 0x0

NOME_SERVIZIO    : wuauserv
NOME_VISUALIZZATO: Windows Update
        TIPO                   : 20  WIN32_SHARE_PROCESS
        STATO                  : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)
        CODICE_USCITA_SERVIZIO : 0  (0x0)
        PUNTO_CONTROLLO          : 0x0
        INDICAZIONE_ATTESA     : 0x0
...

Show all inactive services. Mind the space between the equals sign and the state name.

c:\>sc query state= inactive

...
NOME_SERVIZIO:     WebClient
NOME_VISUALIZZATO: WebClient
        TIPO                    : 20  WIN32_SHARE_PROCESS
        STATO                   : 1  STOPPED
        CODICE_USCITA_WIN32     : 1077  (0x435)
        CODICE_USCITA_SERVIZIO  : 0  (0x0)
        PUNTO_CONTROLLO         : 0x0
        SUGGERIMENTO_ATTESA     : 0x0

NOME_SERVIZIO:     WPCSvc
NOME_VISUALIZZATO: Parental Controls
        TIPO                    : 20  WIN32_SHARE_PROCESS
        STATO                   : 1  STOPPED
        CODICE_USCITA_WIN32     : 1077  (0x435)
        CODICE_USCITA_SERVIZIO  : 0  (0x0)
        PUNTO_CONTROLLO         : 0x0
        SUGGERIMENTO_ATTESA     : 0x0
...

The following will not work:

c:\>sc query state = inactive
c:\>sc query state =inactive

Show active and inactive services

c:\>sc query state= all

Show information about the specified service name

C:\>sc query FontCache

NOME_SERVIZIO: FontCache
        TIPO                   : 20  WIN32_SHARE_PROCESS
        STATO                  : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)
        CODICE_USCITA_SERVIZIO : 0  (0x0)
        PUNTO_CONTROLLO          : 0x0
        INDICAZIONE_ATTESA     : 0x0

Start the service called FontCache

C:\>sc start FontCache

NOME_SERVIZIO: FontCache
        TIPO                   : 20  WIN32_SHARE_PROCESS
        STATO                  : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)
        CODICE_USCITA_SERVIZIO : 0  (0x0)
        PUNTO_CONTROLLO          : 0x0
        INDICAZIONE_ATTESA     : 0x7d0
        PID                    : 1480
        FLAG                   :

Stop the service called FontCache. You must have administrative privileges!

C:\>sc stop FontCache

NOME_SERVIZIO: FontCache
        TIPO                   : 20  WIN32_SHARE_PROCESS
        STATO                  : 3  STOP_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)
        CODICE_USCITA_SERVIZIO : 0  (0x0)
        PUNTO_CONTROLLO          : 0x0
        INDICAZIONE_ATTESA     : 0x0

Also, take a look at sc create and sc delete commands, which allow you to manage the registration of your own service.

If you would like more control over the output, you can combine the SC command with findstr, a command many people do not know. Findstr searches for strings inside files and shows the lines where they occur. The /R option lets you use regular expressions as the search pattern. I’m using the pipe | operator to pass the output of the SC command as input to the findstr command.

Show only the names of active services. Since the output is localized, you should replace the string NOME_SERVIZIO with the appropriate translation of “service name”.
. means any single character
* means zero or more occurrences of the previous character

C:\>sc query | findstr /R "NOME_SERVIZIO.*"

...
NOME_SERVIZIO    : Appinfo
NOME_SERVIZIO    : AudioEndpointBuilder
NOME_SERVIZIO    : AudioSrv
NOME_SERVIZIO    : Power
...
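As the output above shows, the labels are translated but the numeric state code and the state constant (4 RUNNING, 1 STOPPED) are not, so the output can also be parsed without knowing the translation. The following Python script is an added example, not part of the original post; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: Italian-localized `sc query` output in the shape shown above.
SAMPLE = """\
NOME_SERVIZIO    : AudioSrv
NOME_VISUALIZZATO: Windows Audio
        TIPO                   : 20  WIN32_SHARE_PROCESS
        STATO                  : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        CODICE_USCITA_WIN32    : 0  (0x0)

NOME_SERVIZIO:     WebClient
NOME_VISUALIZZATO: WebClient
        TIPO                    : 20  WIN32_SHARE_PROCESS
        STATO                   : 1  STOPPED
        CODICE_USCITA_WIN32     : 1077  (0x435)
"""

# The state constants stay in English even when the labels are translated.
STATE_RE = re.compile(r":\s*(\d)\s+(STOPPED|START_PENDING|STOP_PENDING|RUNNING|"
                      r"CONTINUE_PENDING|PAUSE_PENDING|PAUSED)\s*$")
FLAGS_RE = re.compile(r"^\s*\(([A-Z_, ]+)\)\s*$")


def parse_sc_query(text):
    """Return one dict per service block without relying on translated labels."""
    services = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if not lines or ":" not in lines[0]:
            continue  # not a service record
        # The first line of every block is "<label> : <service name>".
        svc = {"name": lines[0].split(":", 1)[1].strip(),
               "state_code": None, "state": None, "flags": []}
        for ln in lines[1:]:
            m = STATE_RE.search(ln)
            if m:
                svc["state_code"], svc["state"] = int(m.group(1)), m.group(2)
            f = FLAGS_RE.match(ln)
            if f:
                svc["flags"] = [x.strip() for x in f.group(1).split(",")]
        services.append(svc)
    return services


def names_in_state(text, state):
    return [s["name"] for s in parse_sc_query(text) if s["state"] == state]


if __name__ == "__main__":
    print(names_in_state(SAMPLE, "RUNNING"), names_in_state(SAMPLE, "STOPPED"))
```

To use it on a real system, save the output of sc query state= all to a file and pass the file contents to parse_sc_query.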

Given these regular expression special characters, the output of the command

C:\>sc query | findstr /R ".*"

is the same as

C:\>sc query

Show service names which contain the word “Audio”.

C:\>sc query | findstr /R "NOME_SERVIZIO.*Audio"

NOME_SERVIZIO    : AudioEndpointBuilder
NOME_SERVIZIO    : AudioSrv

Show service names which contain “Aud” followed, anywhere later in the name, by “Bui”.

C:\>sc query | findstr /R "NOME_SERVIZIO.*Aud.*Bui"

NOME_SERVIZIO    : AudioEndpointBuilder

Sometimes I use the “more” command, which shows its input page by page. I use the pipe | operator to pass the output of the previous command as input to the “more” command.

c:\>sc query | findstr /R "NOME_SERVIZIO.*" | more

NOME_SERVIZIO    : Appinfo
NOME_SERVIZIO    : AudioEndpointBuilder
NOME_SERVIZIO    : AudioSrv
...
-- More  --

Hit the space bar to show the next page, otherwise press the Enter key to show the next row.
That’s all.
