When the sandboxed code is called, the Execution Manager (running in the w3wp.exe) makes a call to an application server running the User Code Service (SPUCHostService.exe). The User Code Service then tells the Worker Service (SPUCWorkerProcess.exe) to load the sandbox code. The code is then verified to ensure only calls to the subset of the API allowed by the Sandbox API are called. The worker process then executes the code against the Worker Proxy (SPUCWorkerProcessProxy.exe) which has full access to the SharePoint API (but the sandboxed code has already been disallowed from using the non-subset portion of the API by the Worker Service).
When debugging sandboxed solutions, you'll need to attach to the SPUCWorkerProcess.exe to step through your code.
Finally, the exe's for all the .exe's metioned above (except w3wp.exe) can be found in your 14\UserCode directory.