Skip to main content.

ScTagQuery v1.12 - January 21, 2008

Navigation: ToolsManagement and AdministrationServices » ScTagQuery

Introduction

ScTagQuery allows you to obtain precise information on which threads in the system are being used by what service, in order to better gauge CPU and resource usage as well as to help in debugging service-related problems. It uses a new mechanism in Windows Vista and later (service tagging) to identify the service tag for each thread, and query the Service Control Manager (SCM) to do a tag-to-service name translation. Service tags are currently present on all RPC and COM worker threads, as well as generic threads created by the main service thread. However, worker pool threads are not yet tagged.

ScTagQuery can be used to map service tags to a service either on a live system, or by running the tool on the same system as where a crash dump occurred, since service tags remain the same after reboot.

Apart from mapping service tags to services, and querying the service tag for a thread, ScTagQuery can also show system-wide tag information, as well as dump the name of each service associated to any thread on the system (in other words, a system-wide dump of which threads are performing work for a service). Finally, ScTagQuery can also be used to dump the list of services referencing a DLL in a process.

^ TOP

Usage

See this blog entry for some specific usage scenarios for ScTagQuery.

usage: sctagqry [-a][-d dll name][-n tag][-p][-s][-t] <pid | tid | process name>

-a

Enumerate all registered systemwide services and tags.

-d

Show service(s) referencing a DLL.

-n

Lookup the service name for the given service tag.

-p

Display the service tag and name associated with each thread inside the process.

-s

Dump all services and service tags associated to the process.

-t

Query the tag belonging to the thread.

^ TOP

Examples

This command enumerates services referencing the Ole32 library in either the process with PID 1068, or the process owning the thread with TID 1068:

sctagqry -d ole32.dll 1068

To display a system-wide dump of every service thread on the system, its TID, parent PID and service name:

sctagqry -p 0

If you're looking at a tag in a crashdump and want to see registered tags on the same system:

sctagqry -a

To find out which services are running in a process:

sctagqry.exe -p AppleMobileDeviceService.exe

^ TOP

Download

You can download a .zip file containing both the 32-bit and 64-bit versions of ScTagQuery from this link (56 kb).

Please note that ScTagQuery requires Windows Vista or higher as well as full (elevated) administrative privileges.