Search notes:

Docker on Windows: presence of cexecsvc service indicates being inside a container

When using Docker on Windows, it is possible to check if an environment is running inside a container by testing for the presence of the Windows service cexecsvc. If such a service is present, it indicates that the environment is indeed running inside a container.

The following example starts in a non-container environment where no cexecsvc service is running. Then, a new container is created (docker run …) and inside the container, using sc.exe, we find that this service is available (and running):

C:\> sc query cexecsvc
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\> docker run -it mcr.microsoft.com/windows/nanoserver:1809 cmd.exe
C:\> sc query cexecsvc

SERVICE_NAME: cexecsvc
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

Alternatively, we can also look up the service in the registry:

C:\> reg query HKLM\System\CurrentControlSet\Services\cexecsvc
    DependOnService    REG_MULTI_SZ    condrv\0ProfSvc\0nsi
    Description    REG_SZ    @%systemroot%\system32\cexecsvc.exe,-101
    DisplayName    REG_SZ    @%systemroot%\system32\cexecsvc.exe,-100
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\cexecsvc.exe
    ObjectName    REG_SZ    LocalSystem
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x10

Index