EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Watch for dllhost.exe process to identify un-needed access?

#10253
Posted: 06/01/2009 10:45:48
by Scott Thede (Standard support level)
Joined: 11/07/2008
Posts: 3

I am using the CBFS to access data that is remote.

Sweet little Explorer loves to poke its nose into every file imaginable, which makes my life very difficult, because I have to download huge files, just so I can take a brief peek at them.

I already have code in place watching for the Explorer.exe process making non-sequential read calls, and in those cases, I return nothing. This seems to shut Explorer up when it comes to some types of files.

But I also have now noticed that dllhost.exe starts hitting files, like MP3 files, when I right click to get information about files in my CBFS.

From what I understand, dllhost.exe is just a sacrificial process that COM creates to launch dodgy code, such as creating exotic thumbnails, or probing files like MP3s.

So without exhaustive testing, my idea was to simply block dllhost.exe from accessing any files. Or put another way, to return nothing, when it tries to read them. Otherwise, when someone right clicks on a folder containing MP3 files, it causes ALL the MP3 files to be downloaded in that folder, which is crazy.

I know that by setting up your CBFS as a network drive, that helps lessen the number of thumbnails generated by Explorer, but what about blocking dllhost.exe?

Anyways, I would like anyone's opinion as to if they think that would totally screw some operations, or if they think it wouldn't affect much. I think I would add it as a feature that can be turned on or off. But I don't want it if it just messes everything.

So in short, is watching for the dllhost.exe process a good way to identify if un-needed file access is occurring?

Thanks.
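The read gating described in the post above, as an added example that is not code from the thread or from EldoS. It assumes the read callback already knows the originating process's image path and keeps a small state per open handle; `read_policy`, `handle_state` and `should_serve_read` are hypothetical names, and no CBFS API calls are shown.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-open-handle state kept by the read callback. */
typedef struct {
    uint64_t next_offset;   /* where a sequential reader would read next */
} handle_state;

/* Hypothetical settings: the on/off feature proposed in the post. */
typedef struct {
    bool block_dllhost;
} read_policy;

/* Case-insensitive match of the image's base name (path stripped).
   Name matching is a bandwidth heuristic, not an access control:
   any binary can carry this file name. */
static bool image_is(const char *image_path, const char *name)
{
    const char *base = image_path;
    for (const char *p = image_path; *p; p++)
        if (*p == '\\' || *p == '/')
            base = p + 1;
    while (*base && *name) {
        if (tolower((unsigned char)*base) != tolower((unsigned char)*name))
            return false;
        base++;
        name++;
    }
    return *base == '\0' && *name == '\0';
}

/* Returns true when the read should be fetched from the remote store,
   false when the callback should hand back no data. */
bool should_serve_read(const read_policy *pol, handle_state *st,
                       const char *image_path, uint64_t offset, uint32_t len)
{
    if (pol->block_dllhost && image_is(image_path, "dllhost.exe"))
        return false;
    if (image_is(image_path, "explorer.exe") && offset != st->next_offset)
        return false;       /* probing read: Explorer jumped in the file */
    /* Design choice: only served reads advance the expected offset, so a
       run of probing reads cannot re-synchronise itself as "sequential". */
    st->next_offset = offset + len;
    return true;
}
```
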
#10256
Posted: 06/01/2009 11:27:31
by Eugene Mayevski (EldoS Corp.)

I would take a risk and block dllhost until one of your users complains. When he does, then you can narrow down the problem to some more specific use cases and then decide what to do next.


Sincerely yours
Eugene Mayevski
#10257
Posted: 06/01/2009 12:34:41
by Kurt Griffiths (Standard support level)
Joined: 12/08/2008
Posts: 34

You might also try creating a shell extension to intercept some of those requests.

http://msf.codeplex.com/
#10260
Posted: 06/01/2009 13:18:07
by Eugene Mayevski (EldoS Corp.)

Can you please explain how such an extension would solve the problem of unneeded requests? I investigated this topic as I was searching for a way to tell Explorer not to read information from files, but I couldn't see a good way to do this.

There exists a method in one of the interfaces that determines whether the information can be requested, but if you implement this interface, you need to write a complete shell extension for displaying your virtual disk. Did you think about this approach, or do you have some other idea in mind?


Sincerely yours
Eugene Mayevski
#10261
Posted: 06/02/2009 10:08:58
by Kurt Griffiths (Standard support level)
Joined: 12/08/2008
Posts: 34

I was thinking specifically about implementing several shell extensions such as the following:

-- Icon Handler
-- Thumbnail Image Handler
-- Tooltip Handler

They would only override the default Explorer behavior for files located on the virtual disk. I realize that there may be some extra information Explorer tries to read, esp. on Vista for the preview panel, but this is a step in the right direction and avoids breaking other apps that may rely on dllhost.