In WinXP SP2, there is a service called “DCOM server
process launcher” run via svchost.exe. Today I noticed
in Process Explorer that there is a “iexplore.exe”
process running as a child of this svchost.exe, and
tracking back how I started this instance of Internet
Explorer, I had clicked on “2 new email messages” in
the MSN Messenger (6.2). This is very interesting and
I dont know why internet explorer does not show up as
a child process of MSN Messenger itself. Anyone knows
why?
I was curious, I then attached windbg to this
svchost.exe and put a breakpoint on NtCreateProcessEx,
and you know what, the breakpoint is hit even if I
start IE from the Windows Explorer shortcuts. Infact,
the breakpoint is hit for every process that I start
from windows explorer. The difference, however, is
that the process is still created as a child of
explorer.exe and not as a child of svchost.exe when I
start from Windows explorer.
The questions I have are:
- What is its purpose and how exactly does this DCOM
server process launcher work? - How do you communicate with it to start a new
process? - What decides on who is going to launch the new
process? svchost or calling process?
PS: I’m not sure if I can ask this question on this
mailing list, if it is not and you know an alternate
forum which is right, please let me know.
thanks in advance,
–r
Yahoo! Music Unlimited
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/