The Windows Process Journey — “mmc.exe” (Microsoft Management Console)
“mmc.exe” is the “Microsoft Management Console” which is responsible for creating/saving/opening consoles (aka administrative tools). They are used in order to manage software/hardware/network components as part of a given system which runs Windows. We can also create our own custom console and distribute it. Those consoles can include different snap-ins, which is a management tool hosted by “mmc.exe” (https://learn.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console).
Moreover, snap-ins/custom console are distributed as part of “*.msc” file, which are as of today are XML files that are parsed “mmc.exe” is order to load the specific snap-ins (http://file.fyicenter.com/143_Windows_.MSC_File_Extension_for_Microsoft_Management_Conso.html). Even a clean installation of Windows comes with a couple of builtin “*.msc” file like: “services.msc” (for managing services), “WF.msc” (for managing the “Windows Defender Firewall”) and “fsmgmt.msc” (for managing shared folders). You can find them (and more) in the following location “%windir%\system32\” (of course we can also create and save them to other places in the filesysem).
At the end, a snap-in leads to a specific “*.dll” which is loaded by “mmc.exe” (“*.msc” can include a reference for a couple of snap-ins). The relevant configuration is stored in the registry under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns” (https://www.groovypost.com/tips/mmc-exe-windows-process-safe-virus/). The snap-ins are identified using a “CLSID” (as other COM objects) — as seen in the screenshot below. Fun fact about “*.msc” files contain data of the icon we want to be displayed when the file is shown by “explorer.exe” (https://medium.com/@boutnaru/the-windows-process-journey-explorer-exe-windows-explorer-9a96bc79e183) or when “mmc.exe” is executed (as the app icon).
Also, one of the differences between MMC and other management consoles in Windows (like “Control Panel”) is the fact we can also manage remote systems (we have to authenticate for that) — as shown in the screenshot below (on the right side).
Lastly, a reference implementation of the “mmc.exe” executable is included as part of ReactOS (https://github.com/reactos/reactos/tree/master/base/applications/mmc). See you next time ;-) You can also follow me on twitter — @boutnaru (https://twitter.com/boutnaru).
