From Collaborative RCE Tool Library

Tool name: ScTagQuery
Rating: 0.0 (0 votes)
Author: Alex Ionescu
Current version: 1.12
Last updated: January 21, 2008
License type: Free
Description: ScTagQuery allows you to obtain precise information on which threads in the system are being used by which service, in order to better gauge CPU and resource usage as well as to help in debugging service-related problems. It uses a new mechanism in Windows Vista and later (service tagging) to identify the service tag for each thread, and queries the Service Control Manager (SCM) to translate the tag to a service name. Service tags are currently present on all RPC and COM worker threads, as well as generic threads created by the main service thread. However, worker pool threads are not yet tagged.

ScTagQuery can be used to map service tags to a service either on a live system, or by running the tool on the same system on which a crash dump occurred, since service tags remain the same after reboot.

Apart from mapping service tags to services, and querying the service tag for a thread, ScTagQuery can also show system-wide tag information, as well as dump the name of each service associated with any thread on the system (in other words, a system-wide dump of which threads are performing work for a service). Finally, ScTagQuery can also be used to dump the list of services referencing a DLL in a process.

Also see the following blog entry, for a more detailed description: