com surrogate
If you poke around in your Task Manager, there’s a good chance you’ll see one or more “COM Surrogate” processes running on a Windows PC. These processes have the file name “dllhost.exe”, and are part of the Windows operating system. You’ll see them on Windows 10, Windows 8, Windows 7, and even earlier versions of Windows.
This article is part of our ongoing series explaining various processes found in Task Manager, like Runtime Broker, svchost.exe, dwm.exe, ctfmon.exe, rundll32.exe, Adobe_Updater.exe, and many others. Don’t know what those services are? Better start reading!
What Is COM Surrogate (dllhost.exe)?
COM stands for Component Object Model. This is an interface Microsoft introduced back in 1993 that allows developers to create “COM objects” using a variety of different programming languages. Essentially, these COM objects plug into other applications and extend them.
For example, the Windows file manager uses COM objects to create thumbnails of images and other files when it opens a folder. The COM object handles processing images, videos, and other files to generate the thumbnails. This allows File Explorer to be extended with support for new video codecs, for example.
However, this can lead to problems. If a COM object crashes, it will take down its host process. At one point, it was common for these thumbnail-generating COM objects to crash and take down the entire Windows Explorer process with them.
To fix this sort of problem, Microsoft created the COM Surrogate process. The COM Surrogate process runs a COM object outside the original process that requested it. If the COM object crashes, it will only take down the COM Surrogate process and the original host process won’t crash. For example, Windows Explorer (now known as File Explorer) starts a COM Surrogate process whenever it needs to generate thumbnail images. The COM Surrogate process hosts the COM object which does the work. If the COM object crashes, only the COM Surrogate crashes and the original File Explorer process will keep on trucking.
“In other words”, as official Microsoft blog The Old New Thing puts it, “the COM Surrogate is the I don’t feel good about this code, so I’m going to ask COM to host it in another process. That way, if it crashes, it’s the COM Surrogate sacrificial process that crashes instead of me process.”
And, as you might have guessed, COM Surrogate is named “dllhost.exe” because the COM objects it hosts are .dll files.
How Can I Tell Which COM Object a COM Surrogate Is Hosting?
The standard Windows Task Manager doesn’t give you any more information about which COM object or DLL file a COM Surrogate process is hosting. If you want to see this information, we recommend Microsoft’s Process Explorer tool. Download it and you can just mouse-over a dllhost.exe process in Process Explorer to see which COM Object or DLL file it’s hosting.
In our example, this particular dllhost.exe process is hosting the CortanaMapiHelper.dll object.
Can I Disable It?
You can’t disable the COM Surrogate process, as it’s a necessary part of Windows. It’s really just a container process that’s used to run COM objects that other processes want to run. For example, Windows Explorer (or File Explorer) regularly creates a COM Surrogate process to generate thumbnails when you open a folder. Other programs you use may also create their own COM Surrogate processes. All the dllhost.exe processes on your system were started by another program to do something that program wants done.
Is It a Virus?
The COM Surrogate process itself is not a virus, and is a normal part of Windows. However, it can be used by malware. For example, the Trojan.Poweliks malware uses dllhost.exe processes to do its dirty work. If you see a large number of dllhost.exe processes running and they’re using a noticeable amount of CPU, that could indicate the COM Surrogate process is being abused by a virus or other malicious application.
If you’re concerned that malware is abusing the dllhost.exe or COM Surrogate process, you should run a scan with your preferred antivirus program to find and remove any malware present on your system. If your antivirus program of choice says everything is fine but you’re suspicious, run a scan with another antivirus tool to get a second opinion.
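A scripted version of the Process Explorer check described above, extended with two triage checks for the malware concern. This is an added PowerShell example, not from the original article. It assumes COM-launched surrogates carry a /Processid:{AppID} argument and that the genuine dllhost.exe image lives in System32 or SysWOW64; the function name Resolve-SurrogateAppId is hypothetical.

```powershell
# Added example: read-only inventory of COM Surrogate processes (CIM + registry queries only).
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Resolve-SurrogateAppId {   # hypothetical helper name
    param([string]$AppId)
    $result = [ordered]@{ Name = $null; Dlls = @() }
    # The default value of HKCR\AppID\{guid} is the application's friendly name.
    $appKey = Get-Item "Registry::HKEY_CLASSES_ROOT\AppID\$AppId" -ErrorAction SilentlyContinue
    if ($appKey) { $result.Name = $appKey.GetValue('') }
    # COM classes that reference this AppID name the DLLs the surrogate loads.
    # (32-bit registrations under Wow6432Node are not scanned here.)
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValue('AppID') -eq $AppId } |
        ForEach-Object {
            $inproc = $_.OpenSubKey('InprocServer32')
            if ($inproc) { $result.Dlls += $inproc.GetValue(''); $inproc.Close() }
        }
    [pscustomobject]$result
}

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    # Pull the AppID GUID out of the surrogate's command line, if present.
    $appId  = if ($_.CommandLine -match '/Processid:\s*(\{[0-9a-f-]{36}\})') { $Matches[1] }
    $info   = if ($appId) { Resolve-SurrogateAppId $appId }
    # The parent may have exited (and its PID may have been reused); treat as a hint only.
    $parent = Get-Process -Id $_.ParentProcessId -ErrorAction SilentlyContinue

    $notes = @()
    if (-not $_.ExecutablePath) {
        $notes += 'path unreadable (run elevated)'
    } elseif ($systemDirs -notcontains (Split-Path $_.ExecutablePath -Parent)) {
        $notes += 'image outside System32/SysWOW64'
    }
    if ($_.CommandLine -and -not $appId) { $notes += 'no /Processid:{AppID} argument' }

    [pscustomobject]@{
        PID    = $_.ProcessId
        Parent = if ($parent) { "$($parent.ProcessName) ($($_.ParentProcessId))" }
                 else { "exited ($($_.ParentProcessId))" }
        Path   = $_.ExecutablePath
        AppId  = $appId
        Hosts  = $info.Name
        Dlls   = $info.Dlls -join '; '
        Review = $notes -join '; '
    }
} | Format-List
```

An empty Review field means neither heuristic fired; it is a starting point for the antivirus scan recommended above, not a verdict.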
Translated from: https://www.howtogeek.com/326462/what-is-com-surrogate-dllhost.exe-and-why-is-it-running-on-my-pc/