tags:

views:

52

answers:

2
Q: 

Not able to find classids and interfaces ids in registry.

I am trying to debug some exe in windbg. Now its calling some thirdparty com dll which is exposing DLLGetClassObject function.

DLLGetClassObject signature is

HRESULT __stdcall DllGetClassObject(
  __in   REFCLSID rclsid,
  __in   REFIID riid,
  __out  LPVOID *ppv
);

Looking at stack trace and arguments I can find out the class id and interface id using commands

dt GUID [address]

When I try to search these guids in registry , I am not able to find anything.

Is there something wrong? I should be able to see the com classes and interfaces id in regsitry. Any ideas?

+1  A: 

Probably... If you follow the callstack, is DllGetClassObject invoked by any COM runtime function (CoCreateInstance, CoGetClassObject)?

If so, your CLSID should be found under HKEY_CLASSES_ROOT/CLSID. The interfaces aren't necessarily registered.

Note that there's nothing to prevent an app from loading a DLL and calling DllGetClassObject manually, as long as it knows the threading model requirements of the object to be created.

Kim Gräsman  2009-09-01 05:01:24
so it means that if DllGetClassObject is not called by COM functions then it is not a COM object?and the input parameters can be anything other than clsid or interface ids.
Alien01  2009-09-02 06:09:59
Sort of. It is still a COM object, it's just that it doesn't allow the client to use standard COM activation to instantiate it.
Kim Gräsman  2009-09-02 14:13:27
It's also possible that COM APIs did invoke DllGetClassObject, but the DLL implementing the COM objects is using registration-free COM. In this case, you won't necessarily find any registrations in the registry either...
Reuben  2009-09-05 23:14:31
Good point, Reuben. In that case you should be able to find a manifest next to the application's .exe, describing where the server is and what its threading model requirements are, right?
Kim Gräsman  2009-09-06 08:11:13
+1  A: 

I have another, unrelated, theory -- do you have symbols for the third-party DLL?

If not, the entry in the callstack for a call into said module is usually shown as the offset of the first export in the module + some large offset.

If DllGetClassObject is elected as the "base export" for the module, and the .exe calls a COM method hosted in the module, the callstack will show something like:

  DllGetClassObject + 0x112313
  UseThirdPartyCOMThing + 0x20

where 0x112313 is larger than what you'd expect the code size of DllGetClassObject to be.

So, it could be a red herring -- you might just be seeing a call into the DLL at some offset that isn't matched in your available symbols, and the debugger shows it using whatever information it has available.

Kim Gräsman  2009-09-06 08:19:46
+1 for asking to check for large offset: In a DLL exposing COM objects, traces with any of the "trivially" exported functions is usually a red-herrying: `DllCanUnloadNow`, `DllGetClassObject`, `DllInstall`, `DllRegisterServer`, and `DllUnregisterServer`.
Ashutosh Mehra  2009-09-24 21:00:06

related questions

Exposing nested arrays to COM from .NET
How do you unit-test code that interacts with and instantiates third-party COM objects?
Windows Server 2008: COM error: 0x800706F7 - The stub received bad data
Sample code for using IBM's PCOMM in C# o write an as400 screenscraper
Expose an event handler to VBScript users of my COM object
MapPoint 2009 Load Performance
Managed OleDB provider written in C#
What is the best source for information on COM error codes?
How do I return an array of strings from an ActiveX object to JScript
Maintain the correct version for a COM dll referenced in a .NET project
How to do a simple mail merge in OpenOffice
How do you display a dialog from a hidden window application?
Has .NET made raw COM and DCOM programming redundant ?
COMException "Library not registered." while using System.DirectoryServices
What do I need to do to implement an "out of proc" COM server in C#?
How to implement Type-safe COM enumerations in Delphi ?
Notification of drop in drag-drop in Windows
Sharepoint COMException 0x81020037
How do I unregister COM dlls initially added with RegSvr32 when the /u arg doesn't work?
Delphi and COM: TLB and maintenance issues
Is there a method for handling errors from COM objects in RDML?
How to register COM from VS Setup project?
C++ Problems with #import of .NET out-of-proc server.
How to trace COM objects exceptions?
Unload a COM control when working in VB6 IDE