{"id":105510,"date":"2021-08-02T07:00:00","date_gmt":"2021-08-02T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=105510"},"modified":"2021-08-01T20:48:44","modified_gmt":"2021-08-02T03:48:44","slug":"20210802-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20210802-00\/?p=105510","title":{"rendered":"How can I figure out which object is being hosted in an instance of dllhost?"},"content":{"rendered":"<p>We saw some time ago that the <code>dllhost.exe<\/code> process goes by the name <i>COM Surrogate<\/i> and is used <a href=\"https:\/\/devblogs.microsoft.com\/oldnewthing\/20090212-00\/?p=19173\"> when a COM object is configured to run in a separate process<\/a>.<\/p>\n<p>If you have found an instance of the <code>dllhost.exe<\/code> process, how can you figure out which COM object is running inside it? For example, maybe you are debugging an out-of-process COM object and you want to find the <code>dllhost.exe<\/code> that is hosting it, so you can debug further. Or you&#8217;re studying a crash of <code>dllhost.exe<\/code> and you want to know what object the crashed <code>dllhost.exe<\/code> was working with.<\/p>\n<p>Note that this information is for debugging purposes only.<\/p>\n<p>The information is encoded in the <code>dllhost.exe<\/code> command line. From the debugger, you can use the <code>!peb<\/code> command to view the command line. You can also ask Task Manager to show the command line by going to the <i>Details<\/i> page and turning on the <i>Command line<\/i> column.<\/p>\n<p>From the command line, extract the GUID. That is the AppId of the object loaded into the <code>dllhost.exe<\/code> process. You can look up this GUID in the registry under <code>HKEY_<wbr \/>CLASSES_<wbr \/>ROOT\\<wbr \/>AppId\\<wbr \/>{Guid}<\/code>. That will give you some information about what the object is. To obtain the CLSID that corresponds to the AppId, go to <code>HKEY_<wbr \/>CLASSES_<wbr \/>ROOT\\<wbr \/>CLSID<\/code> and search for the AppId GUID. It will be a value inside one of the CLSID entries. That&#8217;s the object.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Finding the object.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-105510","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>Finding the object.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/105510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=105510"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/105510\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=105510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=105510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=105510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}