com surrogate
If you poke around in your Task Manager, there’s a good chance you’ll see one or more “COM Surrogate” processes running on a Windows PC. These processes have the file name “dllhost.exe”, and are part of the Windows operating system. You’ll see them on Windows 10, Windows 8, Windows 7, and even earlier versions of Windows.
如果在任務管理器中四處瀏覽,很有可能會在Windows PC上看到一個或多個“ COM Surrogate”進程。 這些進程的文件名為“ dllhost.exe”,并且是Windows操作系統的一部分。 您將在Windows 10,Windows 8,Windows 7甚至Windows的早期版本中看到它們。
This article is part of?our ongoing series?explaining various processes found in Task Manager, like?Runtime Broker,?svchost.exe,?dwm.exe,?ctfmon.exe,?rundll32.exe,?Adobe_Updater.exe, and?many others.?Don’t?know what those services are? Better start reading!
本文是我們正在進行的系列文章的一部分,解釋了在任務管理器中發現的各種過程,例如Runtime Broker , svchost.exe , dwm.exe , ctfmon.exe , rundll32.exe , Adobe_Updater.exe以及許多其他過程。 不知道這些服務是什么? 最好開始閱讀!
什么是COM代理(dllhost.exe)? (What Is COM Surrogate (dllhost.exe)?)
COM stands for Component Object Model. This is an interface Microsoft introduced back in 1993 that allows developers to create “COM objects” using a variety of different programming languages. Essentially, these COM objects plug into other applications and extend them.
COM代表組件對象模型。 這是Microsoft早在1993年引入的界面,允許開發人員使用多種不同的編程語言創建“ COM對象”。 本質上,這些COM對象可插入其他應用程序并對其進行擴展。
For example,?the Windows file manager?uses COM objects to create thumbnail images of images and other files when it opens a folder. The COM object handles processing images, videos, and other files to generate the thumbnails.?This allows File Explorer to be extended with support for new video codecs, for example.
例如,Windows文件管理器在打開文件夾時使用COM對象創建圖像和其他文件的縮略圖。 COM對象處理圖像,視頻和其他文件以生成縮略圖。 例如,這使File Explorer可以擴展為支持新的視頻編解碼器。
However, this can lead to problems. If a COM object crashes, it will take down its host process. At one point, it was common for these thumbnail-generating COM objects to crash and take down the entire Windows Explorer process with them.
但是,這可能會導致問題。 如果COM對象崩潰,它將取消其宿主進程。 在某一時刻,這些生成縮略圖的COM對象崩潰并帶走它們的整個Windows資源管理器過程是很常見的。
To fix this sort of problem, Microsoft created the COM Surrogate process. The COM Surrogate process runs a COM object outside the original process that requested it. If the COM object crashes, it will only take down the COM Surrogate process and the original host process won’t crash. For example, Windows Explorer (now known as File Explorer) starts a COM Surrogate process whenever it needs to generate thumbnail images. The COM Surrogate process hosts the COM object which does the work. If the COM object crashes, only the COM Surrogate crashes and the original File Explorer process will keep on trucking.
為了解決這種問題,Microsoft創建了COM Surrogate進程。 COM Surrogate進程在請求它的原始進程之外運行COM對象。 如果COM對象崩潰,它將僅關閉COM Surrogate進程,并且原始宿主進程不會崩潰。 例如,Windows資源管理器(現在稱為文件資源管理器)在需要生成縮略圖時會啟動COM代理過程。 COM Surrogate進程承載完成工作的COM對象。 如果COM對象崩潰,則只有COM Surrogate崩潰,并且原始的文件資源管理器進程將繼續運行。
“In other words”, as official Microsoft blog The Old New Thing puts it, “the COM Surrogate is the?I don’t feel good about this code, so I’m going to ask COM to host it in another process. That way, if it crashes, it’s the COM Surrogate sacrificial process that crashes instead of me?process.”
正如微軟官方博客The Old New Thing所說,“換句話說”,“ COM Surrogate是我對此代碼不滿意,因此我將要求COM在另一個過程中托管它。 這樣,如果崩潰,則是COM Surrogate犧牲進程崩潰,而不是我進程。”
And, as you might have guessed, COM Surrogate is named “dllhost.exe” because the COM objects it hosts are .dll files.
而且,您可能已經猜到了,COM Surrogate被命名為“ dllhost.exe”,因為它托管的COM對象是.dll文件。
我如何知道一個COM代理托管在哪個COM對象上? (How Can I Tell Which COM Object a COM Surrogate Is Hosting?)
The standard?Windows Task Manager doesn’t give you any more information about which COM object or DLL file a COM Surrogate process is hosting. If you want to see this information, we recommend Microsoft’s Process Explorer tool. Download it and you can just mouse-over a dllhost.exe process in Process Explorer to see which COM Object or DLL file it’s hosting.
標準Windows任務管理器不提供有關COM Surrogate進程承載哪個COM對象或DLL文件的更多信息。 如果要查看此信息,建議使用Microsoft的Process Explorer工具。 下載它,您只需將鼠標懸停在Process Explorer中的dllhost.exe進程上,即可查看它托管的COM對象或DLL文件。
As we can see in the screenshot below, this particular dllhost.exe process is hosting the? CortanaMapiHelper.dll object.
正如我們在下面的屏幕快照中看到的那樣,該特定的dllhost.exe進程托管了CortanaMapiHelper.dll對象。
我可以禁用它嗎? (Can I Disable It?)
You can’t disable the COM Surrogate process, as it’s a?necessary part of Windows. It’s really just a container process that’s used to run COM objects that other processes want to run. For example, Windows Explorer (or File Explorer) regularly creates a COM Surrogate process?to generate thumbnails when you open a folder. Other programs you use may also create their own COM Surrogate processes. All the dllhost.exe processes on your system were started by another program to do?something that program wants done.
您不能禁用COM Surrogate進程,因為它是Windows的必需部分。 它實際上只是一個容器進程,用于運行其他進程要運行的COM對象。 例如,Windows資源管理器(或文件資源管理器)會定期創建COM代理進程,以在您打開文件夾時生成縮略圖。 您使用的其他程序也可能會創建自己的COM Surrogate進程。 系統上的所有dllhost.exe進程均由另一個程序啟動,以執行該程序想要完成的操作。
是病毒嗎? (Is It a Virus?)
The COM Surrogate process itself is not a virus, and is a normal part of Windows. However, it can be used by malware. For example, the Trojan.Poweliks malware uses dllhost.exe processes to do its dirty work. If you see a large number of dllhost.exe processes running and they’re using a noticeable amount of CPU, that could indicate the COM Surrogate process is being?abused by a virus or other malicious application.
COM Surrogate進程本身不是病毒,并且是Windows的正常部分。 但是,它可以被惡意軟件使用。 例如, Trojan.Poweliks惡意軟件使用dllhost.exe進程來完成其骯臟的工作。 如果您看到大量dllhost.exe進程正在運行,并且它們使用的CPU數量明顯,則可能表明COM Surrogate進程已被病毒或其他惡意應用程序濫用。
If you’re concerned that malware is abusing the dllhost.exe or COM Surrogate process, you should run a scan with your preferred antivirus program to find and remove any malware?present on your system. If your antivirus program of choice says everything is fine but you’re suspicious, run a scan with another antivirus tool to get a second opinion.
如果您擔心惡意軟件濫用了dllhost.exe或COM Surrogate進程,則應使用首選的防病毒程序運行掃描,以查找并刪除系統上存在的任何惡意軟件。 如果您選擇的防病毒程序說一切正常,但是您很可疑,請使用另一個防病毒工具運行掃描以獲得第二意見。
翻譯自: https://www.howtogeek.com/326462/what-is-com-surrogate-dllhost.exe-and-why-is-it-running-on-my-pc/
com surrogate
)
智能引號)
)