Solved

Functionality of CLSID registry key.

Posted on 2007-11-19
9
1,983 Views
Last Modified: 2013-12-04
What internal Windows effect does changing the value, "…path to dll …",  of the following key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32]
@="…path to dll …"



For example, if one changes this value from
C:\\WINDOWS\\system32\\shdocvw.dll
to
@="C:\\WINDOWS\\system32\\ieframe.dll"

then program containing object coded in *.vbp project file:
Object={EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}#1.1#0; shdocvw.dll

begins to behave differently: it begins to crash with error -1 for example.
In particular, it is unclear why  shdocvw has GUID 8856F961-340A-11D0- in registry and
EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B

Thank you.





0
Comment
Question by:beaverton8770
  • 6
  • 2
9 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 20320256
One DLL can serve more than one CLSID. That in fact is the common case. When a COM object is requested, the system loads the DLL registered in the registry and calls the DLLs 'DllGetClassObject()' (http://msdn2.microsoft.com/en-us/library/ms680760.aspx) function passing the CLSID in question (plus the IID). Then that function constructs the requested object in question depending on the CLSID and the IID and returns it.
0
 

Author Comment

by:beaverton8770
ID: 20320542
I must correct question's text. When pasted from text editor, some characters got corrupted and appeared as: …path to dll …
Instead they should mean "... path to dll ... ".

0
 

Author Comment

by:beaverton8770
ID: 20320674
Thank you jkr

If "One DLL can serve more than one CLSID", then DllGetClassObject must call
EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B
which is referenced in VB application and must not call
8856F961-340A-11D0-A96B-00C04FD705A2.
Hence, change in
8856F961-340A-11D0-A96B-00C04FD705A2 reference to dll should not matter, because this CLASS ID is never called. But it matters. Why?

Thank you.
0
 

Author Comment

by:beaverton8770
ID: 20320802
Correction to question (adding clause "in application"):

Written:

In particular, it is unclear why  shdocvw has GUID 8856F961-340A-11D0- in registry and
EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B

Must be:

In particular, it is unclear why  shdocvw has GUID 8856F961-340A-11D0- in registry and
EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B in application.


0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 28

Assisted Solution

by:pepr
pepr earned 200 total points
ID: 20320805
CLSID is generated to be unique worldwide. Think about its value as about very unique for a single purpose. If it was created as identification of some COM class then the InProcServer32 says where the dll that implements that COM is located. The registry entry is created by that dll via registering. Unless you have another copy of the same dll in another path, it is very likely that the system will try to create an instance of that COM class using the dll that does not implement it.

In other words, by changing the path to the dll to something else you want system to "grow onions on the apple tree".

Technically, the name of the component (or some of its interface) can be converted to CLSID. The CLSID is used for searching technical information related to the component. The InProcServer32 says what DLL implements the functionality. The system then loads the DLL and tries to create the instance of the wanted something. All of that can be hidden in one high-level command.
0
 

Author Comment

by:beaverton8770
ID: 20321245
Thank you pepr.
Apparently you explanation is irrelevant to the question.
From my understanding, the scenario roughly is:

Application -> CLSID EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B -> OS ->
CLSID EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B in registry -> OS -> dll

You explain arrows 4 and 5. But, the question is about arrow 3:

why:  OS -> CLSID 8856F961-340A-11D0-A96B-00C04FD705A2
In other words, what derails OS from the correct CLSID?

0
 

Author Closing Comment

by:beaverton8770
ID: 31410051
Question is not-answered
0
 
LVL 28

Expert Comment

by:pepr
ID: 20425865
Well beaverton8770. Thanks for the points. But if it does not anwer your question then you should not accept it. If you try regedit and search for the "shdocvw" you will find many entries that point to that DLL. It means that the related functionality is implemented by that DLL. You cannot change the value of the InProcServer32 to say "C:\\WINDOWS\\system32\\ieframe.dll" because it does not implement the functionality. Or I do not understand your question.

P.S. When searching for the shdocvw, the word Dotfuscator blicked to my eye. I am not sure but it can possibly change also the CLSIDs so that every compilation uses different ones (to discourage the reverse engineering).
0
 

Author Comment

by:beaverton8770
ID: 20428129
In palin words the question is:
Application calls EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B
But this call is diverted to 8856F961-340A-11D0-A96B-00C04FD705A2
Why?

All what you say and jkr said is about processes which happen after CLSID
8856F961-340A-11D0-A96B-00C04FD705A2 is called. In other words, you explain things which happen after problem already happened in the past.

In other words, I already clarified this:
"You explain arrows 4 and 5. But, the question is about arrow 3:", but apparently you still speaking about 4 and 5 and ignore 3.

This is not a question, but relates to the question:
"You cannot change the value of the InProcServer32 to say "C:\\WINDOWS\\system32\\ieframe.dll" because it does not implement the functionality". I don't change it intentionally. I think IE7 installation process makes this change. But as I said above this change must be irrelevant, but it is not. Because when I change it back to shdocvw.dll, application stops crashing. So, the question again is why this change is not irrelevant.

Why I accept the question? I remember heated discussions whey I did not accept the qestion and disputes were always forcibly accepted by moderators against my will. This is a culture of EE. Now on I am trying just to avoid discussions with moderators, but state my own opinion in comment.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
What my article will show is if you ever had to do processing to a listbox without being able to just select all the items in it. My software Visual Studio 2008 crystal report v11 My issue was I wanted to add crystal report to a form and show…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now