Things I learnt this week: SVCHOST

SVCHOST services are configured by having ImagePath set to "%windir%\system32\svchost.exe -k _name-of-service_", and a Parameters key containing ServiceDll (REG_EXPAND_SZ), which names a DLL with a ServiceMain entry point. ServiceMain has argc and argv.