Re: " 'Com Surrogate' Has stopped workkng."

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Dale" <nospam@xxxxxxxxxxx>
• Date: Sat, 3 Mar 2007 11:03:23 -0600

---

"Scott" <me@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:crqiu2p11k09tb8u5cq15r375mon66u6h4@xxxxxxxxxx

And why does COM have a surrogate?

COM dll's cannot be loaded directly. They have to be called loaded by an executable program. the COM surrogate, dllhost.exe, allows COM objects to be built in a dll and then exposed by dllhost.exe. There are serious risks in doing this and Microsoft should abandon the practice immediately. I really had hoped they would, given their stated interests in improving security with Windows Vista. When you allow access through your firewall to dllhost.exe, you open your firewall to every single dllhost.exe instance in your PC:

http://blogs.msdn.com/robgruen/archive/2004/08/18/216685.aspx

Dllhost, rundll32, and svchost are three system applications that, while having legitimate system uses, can all be used to hide the process that is really running on your PC. They each host DLLs, allowing the DLLs to be run as applications. But when you use TaskManager to view running applicatoins, the actual DLL's running are not listed, only the hosts are listed. Each of them fail to display the real name or file location of the processes that they hide. And the risks outlined in the link above apply equally to runndll32, svchost, and dllhost, though the article only refers to dllhost.

While there are tools by which you can determine what applications these three hosts are hiding from you, those tools are generally considered advanced tools. That means that, for most users, all three of those hosts are effective means of hiding programs.

Like I said, I wish Microsoft would drop all three of these tools immediately. There is no reason for an application to be built in a DLL rather than in a real executable.

Dale

Thanks.

.

---

• Follow-Ups:
  • Re: " 'Com Surrogate' Has stopped workkng."
    • From: Scott

• References:
  • " 'Com Surrogate' Has stopped workkng."
    • From: Scott

• Prev by Date: Re: Where are the stars?
• Next by Date: Re: MuisicGiant Lossless Songs won't play on SanDisk Sansa because they are lossless and don't convert
• Previous by thread: " 'Com Surrogate' Has stopped workkng."
• Next by thread: Re: " 'Com Surrogate' Has stopped workkng."
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: COM Surrogate ... if I want to allow COM Surrogate to acces the internet. ... Dllhost, rundll32, and svchost are three system applications that, while ... the actual DLL's running are not listed, only the hosts are listed. ... There is no reason for an application to be built in a DLL ... (microsoft.public.windowsmedia) Re: Development for VGA resolution in C# - how? ... > If this was possible then i could look for our applications loaded on the ... > which explains the concept of how to stamp an exe then i would be very ... >>> Robert, ... The EXE's are just a shell which load the DLL and passes ... (microsoft.public.pocketpc.developer) General DLL Questions - Best Practices? Suggestions? Comments? ... So we develop and maintain several applications used by several people ... rewrites of all the VB6 apps. ... The VB6 executables are all stored in a network folder, ... runs regsvr32.exe for each dll. ... (microsoft.public.dotnet.general) Re: Why use DLLs? ... applications and you'll reap the benefits in the long run. ... > EXE would contain minimal logic. ... >>>> into a DLL. ... >> develop and test them separately ... (microsoft.public.dotnet.general) Re: Application sniffer ... networks and is able to tell you which applications ... are running on your hosts. ... > SA Outsourcing Pty. ... (Focus-Microsoft)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Media  > microsoft.public.windowsmedia.player  > 2007-03