Killing a Windows Service that seems to hang on "Stopping"

It sometimes happens (and it's not a good sign most of the time): you'd like to stop a Windows Service, and when you issue the stop command through the SCM (Service Control Manager) or by using the ServiceProcess classes in the .NET Framework or by other means (net stop, Win32 API), the service remains in the state of "stopping" and never reaches the stopped phase. It's pretty simple to simulate this behavior by creating a Windows Service in C# (or any .NET language whatsoever) and adding an infinite loop in the Stop method. The only way to stop the service is by killing the process then. However, sometimes it's not clear what the process name or ID is (e.g. when you're running a service hosting application that can cope with multiple instances such as SQL Server Notification Services). The way to do it is as follows:

1. Go to the command-prompt and query the service (e.g. the SMTP service) by using sc:
   
   sc queryex SMTPSvc
2. This will give you the following information:
   
   SERVICE_NAME: SMTPSvc
           TYPE               : 20  WIN32_SHARE_PROCESS
           STATE              : 4  RUNNING
                                   (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
           WIN32_EXIT_CODE    : 0  (0x0)
           SERVICE_EXIT_CODE  : 0  (0x0)
           CHECKPOINT         : 0x0
           WAIT_HINT          : 0x0
           PID                : 388
           FLAGS              :
   
   or something like this (the "state" will mention stopping).
3. Over here you can find the process identifier (PID), so it's pretty easy to kill the associated process either by using the task manager or by using taskkill:
   
   taskkill /PID 388 /F
   
   where the /F flag is needed to force the process kill (first try without the flag).

Please be careful when you do this; it's useful for emergencies but you shouldn't use it on a regular basis (use it as a last chance to solve the problem or to avoid the need of a reboot in an exceptional situation). It can even be used to stop a service that has the "NOT-STOPPABLE" and/or "IGNORES_SHUTDOWN" flag set (e.g. Terminal Services on a Windows Server 2003 is non-stoppable), at least when it's not hosted in the system process. You can query all this information by means of the sc command.
For real freaks (don't do this on a production machine!): if you want to show the behavior of the "Blaster" worm which caused the RPC service to stop, try to stop the RPC service (but safe your work first :-)). It's pretty simple to do if you have administrative privileges (just a great example of why you should NOT run as a high-privileged user on the system). When you succeed in killing the process (pretty straightforward), you'll see the shutdown countdown popping up (if you've seen Blaster in action in the past, you'll have a deja-vu). You can stop this by typing the command shutdown -a (abort shutdown), as I posted previously in the Blaster-timeframe since this wasn't known very well and it was quite useful to abort the started shutdown in order to apply the patch. You can even restart the service then by using sc again. Notice that if the RPC is stopped, you can't even connect to the MMC console for the Services management (services.msc) since this relies on RPC. So, you really can't start the service again by using the MMC snap-in. The only way to start the service again is by using sc start <servicename>. The output of this (nice but at the same time ugly) demo looks like this (again, don't try this at home; I'm not responsible for any damage or data loss possible):
C:\Documents and Settings\Administrator>sc queryex rpcss
SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2332
        FLAGS              :
C:\Documents and Settings\Administrator>taskkill /pid 2332 /FSUCCESS: The process with PID 2332 has been terminated.

C:\Documents and Settings\Administrator>shutdown /a
C:\Documents and Settings\Administrator>sc start rpcss
SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 2520
        FLAGS              :
C:\Documents and Settings\Administrator>sc queryex rpcss
SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2520
        FLAGS              :
If you decide to try it (ignoring my warnings), don't rely on the system afterwards since various applications will have suffered from this. I'm experimenting with these things myself only on a Virtual PC with undo disks enabled.
To go short: sc is one of my favorite commands to mess around with services (install, uninstall, etc) and to query for information on services. The sc command can also be used to query all the active drivers on the system. If you don't like system-beeps for example, you can use sc stop Beep to stop the according driver. But please again, be careful when you play with it. Fortunately, disastrous driver stoppings are not possible and will be denied by sc.
More info on sc.exe can be found via http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sc.mspx.


source: http://community.bartdesmet.net/blogs/bart/archive/2004/10/16/438.aspx