Question:
is dwm.exe harmful?
2008-03-02 01:35:17 UTC
is it a virus or what?
Three answers:
Fernando R
2008-03-02 01:42:42 UTC
Hi Estafahan,



No, it isn't. Don't worry.

I found a document especially for you from wikipedia about that file.



DWM.EXE it's Desktop Windows Manager.





Desktop Window Manager (DWM, previously Desktop Compositing Engine or DCE) is a compositing window manager, introduced with Windows Vista, that enables the Windows Aero user interface.



DWM requires graphics cards supporting DirectX 9.0 and Shader Model 2.0. DWM is not included with Windows Vista starter edition; and while it is included with Windows Vista Home Basic edition, the Windows Aero interface is not supported.

Contents as:

1 Architecture

2 Redirection

3 References

4 External links





Architecture



With DWM running, applications do not draw directly to the video memory, but to off-screen buffers in system memory that are then composited together by DWM to render the final screen, a number of times per second. In that sense, it is similar to the Quartz compositor in Mac OS X. Because the compositor has access to the graphics of all applications, it easily allows effects that string together visuals from multiple applications, such as transparency. DWM uses DirectX to perform the function of compositing and rendering in the GPU, freeing the CPU of the task of managing the rendering from the off-screen buffers to the display. However, it does not affect applications painting to the off-screen buffers; depending on the technologies used for that, it might still be CPU bound. DWM-agnostic rendering techniques like GDI are redirected to the buffers by rendering the UI as bitmaps. DWM-aware rendering technologies like WPF-directly make the internal data structures available in a DWM-compatible format. The window contents in the buffers are then converted to DirectX textures.



The desktop itself is a full-screen Direct3D surface, with windows being represented as a mesh consisting of two adjacent (and mutually-inverted) triangles, which are transformed to represent a 2D rectangle. The texture, representing the UI chrome, is then mapped onto these rectangles. Window transitions are implemented as transformations of the meshes, using shader programs. With Windows Vista, the transitions are limited to the set of built-in shaders that implement the transformations. With future releases, it might be opened up for developers and users to plug in their own effects.[2] DWM only maps the primary desktop object as a 3D surface; other desktop objects, including virtual desktops as well as the secure desktop used by User Account Control are not.



Windows Flip 3D demonstrates multiple features of DWM: 3D transformation of 2D planes, scaling and translating the bitmaps to a different position, embedding dynamic views of one application in another and use of custom shader programs.



The blur effect of Windows Aero, which blurs the background when viewing through the Window borders, is enabled by the DWM compositing manager, using custom pixel shader programs.



Since all applications render to an off-screen buffer, they can be read off the buffer embedded in other applications as well. Since the off-screen buffer is constantly updated by the application, the embedded rendering will be a dynamic representation of the application window and not a static rendering. This is how the live thumbnail previews, Windows Flip and Windows Flip 3D work in Windows Vista. In fact, DWM exposes a public API that allows applications to access thumbnail representations of other application windows. However, the size of the thumbnail is not fixed; applications can request the thumbnails at any size - smaller than the original window, at the same size or even larger - and DWM will scale them properly before returning. Windows Flip 3D uses the thumbnail APIs to get the window representations as bitmaps, and then uses that as texture for 2D rectangles, which are further processed by custom shaders to transform them to 3D meshes and rotate them in a 3D plane.



DWM uses Media Integration Layer (MIL), the unmanaged compositor which it shares with Windows Presentation Foundation, to represent the windows as composition nodes in a composition tree, representing the desktop and all the windows hosted in it, which are then rendered by MIL from back of the scene to the front. Since all the windows contribute to the final image, the color of a resultant pixel can be decided by more than one window. This is used to implement effects such as per-pixel transparency. DWM allows custom shaders to be invoked to control how pixels from multiple applications are used create the resultant pixel. DWM includes built-in Pixel shader 2.0 programs that computes the color of a pixel in a window by averaging the color of the pixel as determined by the window behind it and its neighboring pixels. These shaders are used by DWM to achieve the blur effect in the window borders of windows managed by DWM, and optionally for the areas where it is requested by the application.



Since MIL provides a retained mode graphics system by caching the composition trees, the job repainting and refreshing the screen when windows are moved is handled by DWM and MIL, freeing the application of the responsibility. The background data is already in the composition tree and the off-screen buffers, that is directly used to render the background, without having the background applications to re-render themselves by sending them the WM_PAINT message, as was the case with pre-Vista Windows OSs. DWM uses double buffered graphics to do away with flickering and tearing during window moves. The compositing engine takes care of optimizations such as culling to improve performance, as well as not redrawing areas that haven't changed. Because the compositor is multi-monitor aware, DWM natively supports that too.



Redirection



For rendering techniques that are not DWM-aware, output must be redirected to the DWM buffers. With Windows, either GDI or DirectX can be used for rendering. To make these two work with DWM, redirection techniques for both are provided with DWM.



With GDI, which is the most used UI rendering technique in Microsoft Windows, each application window is notified when it or a part of it comes in view and it is the job of the application to render itself. Without DWM, the rendering rasterizes the UI in a buffer in video memory, from where it is rendered to the screen. Under DWM, a buffer equal to the size of the window is allocated in system memory. GDI calls are redirected to write their outputs to this buffer, rather than the video memory. Another buffer is allocated in the video memory to represent the DirectX surface, which is used as the texture for the Window meshes. The system memory buffer is converted to the DirectX surface separately, and kept in sync. This round-about route is required as GDI cannot output directly in DirectX pixel format. The surface is read by the compositor and composite the desktop in video memory. Writing the output of GDI to system memory is not hardware accelerated, nor is conversion to DirectX surface. When a GDI window is minimized, by limitations of GDI, the buffer is no longer updated. So, DWM uses the last bitmap rendered to the buffer before the application was minimized.



For applications using DirectX to write to a 3D surface, the DirectX implementation in Windows Vista uses WDDM to share the surface with DWM. DWM then uses the surface directly and maps it on to the window meshes. For WPF applications, which are DirectX applications, the compositor renders to such shared surfaces, which are then composited into the final desktop.[6] Applications can mix either rendering technique across multiple child windows, as long as both GDI and DirectX are not used to render the same window. In that case, the ordering between DirectX and GDI rendering cannot be guaranteed, and as such it cannot be guaranteed whether the GDI bitmap from the system memory has been translated to the video memory surface. So, the final composition may not contain the GDI-rendered elements. To prevent this, DWM is temporarily turned off, as long as an application which mixes GDI and DirectX is running.



Greetings,



Mr. Ramos

Security Information Engineer

Vancouver, British Columbia, Canada
2008-03-02 10:21:15 UTC
And here is the short version ,One of the new features in Windows Vista is the Desktop Window Manager (DWM). It responsible for the graphical effects such as live window previews and a glass-like frame around windows (Aero Glass), without draining your CPU. A DWM-capable graphics card is required to enable the 3D effects and Aero Glass. (In older Windows Vista Beta versions, the DWM effects are controlled by the User Experience Session Management Service via "uxss.exe".) You can increase the computer performance if you switch to Classic Mode (turn off Aero Glass and Animations), or reducing the screen resolution.



Note: The dwm.exe file is located in the folder C:\Windows\System32. In other cases, dwm.exe is a virus, spyware, trojan or worm!
James
2013-10-16 00:03:12 UTC
There is a virus that masquerades itself as DWM.exe there is also a legitimate file called DWM.exe.



The virus dwm.exe can be found in the following directory.

User\AppData\Roaming\dwm.exe

User\AppData\Roaming\E11E.576

User\AppData\Microsoft\conhost.exe

User\AppData\Local\Temp\csrss.exe



If it is not in one of those directories then you are good.



The legitimate DWM.exe is found here(in windows7): C:\Windows\System32



Here is a video showing how to remove the legitimate version of DWM.exe. You may want to do this to improve your PC's startup time and performance. This will disable windows Aero, and you will need to start the service before you will be able to use Aero again.

https://www.youtube.com/watch?v=CGD7fDV_Xj4

If you discover you do have the virus DWM.exe then you can view this video to find out how to remove the virus.

http://www.youtube.com/watch?v=h3kRLtnmeZ4


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...