How can I figure out which object is being hosted in an instance of dllhost?
source link: https://devblogs.microsoft.com/oldnewthing/20210802-00/?p=105510
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
How can I figure out which object is being hosted in an instance of dllhost?
Raymond
August 2nd, 2021
We saw some time ago that the dllhost.exe
process goes by the name COM Surrogate and is used when a COM object is configured to run in a separate process.
If you have found an instance of the dllhost.exe
process, how can you figure out which COM object is running inside it? For example, maybe you are debugging an out-of-process COM object and you want to find the dllhost.exe
that is hosting it, so you can debug further. Or you’re studying a crash of dllhost.exe
and you want to know what object the crashed dllhost.exe
was working with.
Note that this information is for debugging purposes only.
The information is encoded in the dllhost.exe
command line. From the debugger, you can use the !peb
command to view the command line. You can also ask Task Manager to show the command line by going to the Details page and turning on the Command line column.
From the command line, extract the GUID. That is the AppId of the object loaded into the dllhost.exe
process. You can look up this GUID in the registry under HKEY_CLASSES_ROOT\AppId\{Guid}
. That will give you some information about what the object is. To obtain the CLSID that corresponds to the AppId, go to HKEY_CLASSES_ROOT\CLSID
and search for the AppId GUID. It will be a value inside one of the CLSID entries. That’s the object.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK