Who… What… Where…

There are a number of threads in the Microsoft Windows Update Newsgroup and around other well known sites regarding the infamous SVCHOST Issue!

The main issue that people are reporting is the high CPU usage from the process SVCHOST.exe, generally fluctuating between 20 and 85 percent CPU usage, in some cases using all of the CPU cycles and leaving the computer un-usable.

The cause of this is the Automatic Update service during its detection process; this is where the client PC either checks in to the local WSUS server or accesses the Windows Update site and determines which MS updates are required from the update catalogue.

All of this information is very good… I hear you say, however where is the fix!

Ok, after much web crawling and some testing, below is the method I have used for my clients which has proved sucessfull:

1. Firstly stop the Automatic Update service either through services.msc or with the command line net stop “Automatic Updates”. This will ensure the update process is as quick as possible.
2. Next apply the first of two patches; an update to the Windows Update Agent, the current version is 2.0, this patch updates it to version 3.0 which is pushed out via WSUS v3.0:
   • Windows Update Agent 3.0 – x86
   • Windows Update Agent 3.0 – x64
   • Windows Update Agent 3.0 – ia64
3. Apply the hotfix for this issue, originally stated in KB916089 and then superseded by KB927891 which provides an update for the Msi31.dll (exact name depends on operating version) with basically a more efficient detection algorithm in place:
   • Hotfix KB927891 – x86
   • Hotfix KB927891 – x64
4. Finally reboot the client PC and start the Automatic Update service if it is not set to start automatically.

This article describes how to create a service on either Windows NT, 2000 or XP (untested on Vista). The service can run any application required and can be configured as any other service on the system can.

This information has been extracted from the Microsoft article KB137890, and requires two programs that can be found in the Windows NT resource kit (or here)

• SRVANY.EXE – Allows any application to run as a service
• INSTSRV.EXE – Creates the system service

Create the service

Use the INSTSRV.EXE application to create the system service, it requires two parameters; the first is the name of the service you want to create, the second is always the path to the SRVANY.EXE application.

INSTSRV.EXE Notepad c:\SRVANY.EXE

Set the application as a service

Next edit the registry and enter the path to the application that is required to run as a service. The location is the registry depends on the name of the service that was defined above; in this case Notepad

Run regedit.exe

Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Notepad

Create a new key called Parameters

Under the new key create a new string value called Application and set its value to the path of the application c:\WINDOWS\NOTEPAD.EXE

Once created this service can be managed through the services mmc to set its startup type, recovery response etc.

To make this process easier, the following code can be placed into a batch file and run (with the correct parameters) to create the service and congfiure the registry. It assumes that INSTSRV.EXE is already in a search path and that SRVANY.EXE is located in the root of the C drive.

@echo off

rem #################################
rem ## This batch file created a new system service ##
rem ## ensure the correct parameters are used       ##
rem #################################

rem Parameter 1 should be the name of the service
rem Parameter 2 should be the path to the executable

echo Creating Service
INSTSRV.EXE %1 c:\SRVANY.EXE

echo Creating Registry Keys
reg add “HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters”
reg add “HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters” /v Application /d %2

I will commonly write small batch files to automate tasks that are repetitive, due to this I find myself using the for loop a lot. Below are a few examples of when and where the for loop can be used effectively.

Looping through entries in a file

This example will take a standard text file (MyTextFile.txt) and then loop through all lines until the end of the file is reached. For each of the lines the first word (represented by %%A) will be printed out to the screen and ping’ed.

FOR /F “tokens=1″ %%A IN (C:\MyTextFile.txt) DO (

echo %%A

ping %%A

)

An example of the text file is simply:

COMPUTER01
COMPUTER02
COMPUTER03
COMPUTER04

By changing the tokens value, which word on a line that is used will change. By setting the value of tokens from 1 to 1,2 both the first and second words per line will be available via the parameters %%A and %%B. When using the following input file, within the loop %%A will be the computer name and %%B will be the IP address.

COMPUTER01 192.168.1.100
COMPUTER02 192.168.1.101
COMPUTER03 192.168.1.102

To ignore selected lines, i.e. lines that are actually comments use the eol parameter, the following for loop will ignore all lines that start with a colon:

FOR /F “tokens=1 eol=:” %%A IN (C:\MyTextFile.txt) DO (

echo %%A

)

If the input file has a number of header lines that should not be included the skip parameter should be used, for following will exclude the first 3 files of the input file:

FOR /F “tokens=1 eol=: skip=3″ %%A IN (C:\MyTextFile.txt) DO (

echo %%A

)

To override the default delimiters (space and tab) the delims parameter should be used. The following will ignore the space delimiter and instead delimiter by comma:

FOR /F “tokens=1 delims=,” %%A IN (C:\MyTextFile.txt) DO (

echo %%A

)

For a simple introduction to the mail() function see the PHP_Advanced article. This article describes some of the more advanced features that can be achieved through the mail function.

Assign Names to email addresses

When receiving an email you will notice that the To field often contains a name rather than the email address it was send to.

<HTML>
<BODY>
<?PHP
mail(‘bob@email.com’, ‘Test email’,
‘This is a test email’,
“To: Bob Jones <bob@email.com>\n” .
“From: Jane Jones <jane@email.com>\n” .
“cc: Another Person <another@email.com>\n” .
“Bcc: Yet Another <more@email.com\n>”);
?>
</BODY>
</HTML>

HTML Emails

The next stage is sending HTML email messages, this allows for standard HTML tags to be used when composing the message content. When sending a message in HTML it must be declared that is it HTML in the header of the email, this is done through both the Content-type: and MIME-Version headers’:

<HTML>
<BODY>
<?PHP
mail(‘bob@email.com’, ‘Test email’,
‘<html><body><b>Hello! World</b> \n <i>this is a test email</i></body></html>’,
“MIME-Version: 1.0\n” .
“Content-type: text/html; charset=iso-8859-1″);
?>
</BODY>
</HTML>

The MIME-Version (Mulitpurpose Internet Mail Extensions) header indicates that the email follows the internet standards, following that the Content-type header can declare the format being used; text/html; followed by the character set being used charset=iso-8859-1

Mixed Format Emails

Although the majority of email clients support HTML email messages, there are some that don’t. The mixed format ensures that the email clients that do support it see the HTML formatted message, where as the ones that don’t see a plain text version.

The technique involved is to actually send two versions of the message and rely on the email client to read and understand Content-Type: multipart/alternative; header which will make the client only display the supported version.

*** PHP code not fully completed yet ***

Emailing Attachments

Emailing file Attachments work in the same way that mixed format email messages do. The header Content-Type: multipart/mixed; is used and the message split into two parts; one the message and the other the file attachment(s).

This is more complicated than previous email examples, all the steps required are explained below. The examples assume that the email details including the file to be emailed have been submitted to the PHP page from another page.

$to = $_POST['to'];
$from = $_POST['from'];
$subject = $_POST['subject'];
$message = $_POST['message'];

Attributes of the file attachment

The first stage is to extract the required attributed from the file that has been passed. The file details in PHP are stored in an array named $_FILES which are extracted to variables.

// example: /tmp/phpfile12345 – tmp file name and loc where uploaded
$file_loc = $_FILES['fileatt']['tmp_name'];
// example: text/text – will vary depending on file type
$file_type = $_FILES['fileatt']['type'];
// example: mywork.txt – always the name of the file
$file_name = $_FILES['fileatt']['name'];

Extract data from file attachment

The data within the file is required to be placed into a variable then used Base64 encoding to convert (possible) binary data into text. The is_uploaded_file function is used to ensure that the file was in fact uploaded by an http get command, this helps to ensure no malicious activity.

if (is_uploaded_file($file_loc)) {
// Read the file in ‘rb’ read binary
$file = fopen($file_loc,’rb’);
$filedata = fread( $file (comma) filesize ($file_loc));
// Base64 encode the file data
$filedata = chunk_split(base64_encode($filedata));

The data is now in a format that is ready to be emailed, the next stage is producing the standard mail parameters.

Producing mail function

The basic mail parameters are set in the same manor, the diffrences come in the header and message parameters

The header parameter contains the MIME version, the Content-Type: multipart/mixed; declares that there will be an attachment, finally the boundary string (containing random text) is used as a marker to split the message into the two sections.

“\nMIME-Version: 1.0\n” .
“Content-Type: multipart/mixed;\n” .
” boundary=\”==Multipart_Boundary_x45985365x\”";

The message section starts with a declaration which MIME compatible email clients will not show, next is the Multipart Boundary string denoting the beginning of the first section. Following this the usual header information is declared, following by the desired message text.

“This is a multi-part message in MIME format. you should not see this\n\n” .
“–==Multipart_Boundary_x45985365x\n” .
“Content-Type: text/plain; charset=\”iso-8859-1\”\n” .
“Content-Transfer-Encoding: 7bit\n\n” .
“This is the message contents, there should be a file attached to this message”

After the text of the message, the next part is the message attachment which follows the same format as above.

“–==Multipart_Boundary_x45985365x\n” .
“Content-Type: {$file_type};\n” .
” name=\”{$file_} \n” .
“Content-Disposition: attachment;\n” .
” filename=\”{$file_name}\”\n” .
“Content-Transfer-Encoding: base64\n\n” .
$filedata . “\n\n” .
“–==Multipart_Boundary_x45985365x–\n”;

Then message should always have the message boundary string followed by – to signify the end.

To see the fully working source code, please see here

For more information on different MIME types see here
Many thanks to the tutorials where this information came from, W3Schools & PHP & sitepoint