PowerShell script to selectively kill a process associated with a certain DLL
Some background: many components of the Windows OS are implemented as what are called “services”. A fair number of those services are implemented in DLLs rather than in stand-alone executables. But a DLL is only a library of functions that can be called by running programs; it can’t run on its own. Svchost is a standalone program whose job is to execute services that are implemented in DLLs.
At any given time, run get-process svchost on your computer and you will get a bunch of them:
PS C:\PS> get-process svchost
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     92       4     1744        596    37     0.34    440 svchost
    212       6     3304       1808    61     1.26    648 svchost
    143       4     2892       2132    39     0.59    772 svchost
    490      14     2400       1836    39     2.75   1024 svchost
   1682      72    19044      16596   114    42.83   1356 svchost
    120       3     2588        600    33     0.20   1592 svchost
    101       5     2124       2588    33     0.67   1816 svchost
    289      13     8624       5944    47     0.65   1960 svchost
Now, let’s say we know that wuauserv.dll is running under one of them and, for whatever reason, we need to stop the svchost process related to wuauserv.dll. How do we do that?
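# Walk every svchost instance and print the PID of each one that has wuauserv.dll loaded
$svchosts = Get-Process svchost
foreach ($process in $svchosts)
{
    # Modules loaded in this instance (reading them needs enough rights on the target process)
    $PModules = $process.Modules
    foreach ($module in $PModules)
    {
        if ($module.ModuleName -eq "wuauserv.dll")
        {
            $process.Id
        }
    }
}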
Once you have identified the PID, you can selectively kill just that process.
Here svchost is just a convenient example. You will run into situations where you have multiple instances of whatever.exe running and they are all associated with different modules. You can use a similar trick there.
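The same lookup generalized to any process name and module, as an added example that is not part of the original post. It also lists the services hosted in each matching process, because stopping a shared svchost stops every service in it. The function name Get-ProcessByModule and its parameters are assumptions made for illustration.

```powershell
# Added example: Get-ProcessByModule and its parameter names are illustrative.
function Get-ProcessByModule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ProcessName,   # e.g. 'svchost'
        [Parameter(Mandatory)] [string] $ModuleName     # e.g. 'wuauserv.dll'
    )
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        # Module lists of protected or other users' processes cannot be read
        # without elevation; treat a failed or empty read as "skip".
        $modules = $null
        try { $modules = $proc.Modules } catch { $modules = $null }
        if (-not $modules) {
            Write-Verbose "PID $($proc.Id): module list not readable, skipped"
            continue
        }
        # -contains is case-insensitive, which suits Windows file names.
        if ($modules.ModuleName -contains $ModuleName) {
            # Services hosted in this process: all of them stop with it.
            $services = Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.Id)"
            [pscustomobject]@{
                Id       = $proc.Id
                Name     = $proc.ProcessName
                Module   = $ModuleName
                Services = @($services | ForEach-Object Name)
            }
        }
    }
}

# Review the matches first; -WhatIf prints what Stop-Process would do
# without stopping anything. Remove it once the list looks right.
$hits = Get-ProcessByModule -ProcessName svchost -ModuleName wuauserv.dll -Verbose
$hits | Format-Table Id, Name, Module, Services
$hits | ForEach-Object { Stop-Process -Id $_.Id -WhatIf }
```

Run it from an elevated prompt, otherwise instances whose module list cannot be read are skipped and only reported through -Verbose.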