COM question, how to corelate a COM server(EXE) created by a client request.

GHANASHYAM SATPATHY 301 Reputation points
2020-11-24T08:53:16.807+00:00

Initial question I posted here in below link,

https://social.msdn.microsoft.com/Forums/en-US/12a8e7ff-e5bd-4043-b998-f378ebc363d8/com-question-how-to-corelate-a-com-serverexe-created-by-a-client-request?forum=Offtopic

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,959 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. RLWA32 40,286 Reputation points
    2020-11-24T09:23:42.953+00:00

    As I have pointed out in your reference thread, COM does not provide the linkage you desire.

    And even outside of the COM environment obtaining a parent process id does not definitively establish the actual creating process. There are well known ways to start a child process using the Windows API that will result in a child process having a parent process id other than that of the creating parent.

    2 people found this answer helpful.
    0 comments
  2. RLWA32 40,286 Reputation points
    2020-11-24T09:35:06.333+00:00

    Windows does not consider the parent process id to be as important as you seem to think it is.
    I suggest you read this - Not even getting to the airtight hatchway: Creating a process with a different parent

    2 people found this answer helpful.
  3. GHANASHYAM SATPATHY 301 Reputation points
    2020-11-24T09:29:05.13+00:00

    Seems like a disconnect for COM Server technology. Not providing an ability to discover its caller like I have explained. Any other approach in windows anybody can think of that will help in discovering the correlation.

    Thanks

    1 person found this answer helpful.
    0 comments
  4. GHANASHYAM SATPATHY 301 Reputation points
    2020-11-24T10:25:13.92+00:00

    > Request an out-of-process activation of an out-of-process object.

    Can this be intercepted through ETW, WMI or any other technique ?

    1 person found this answer helpful.