This blog post sets the stage for our Hack In The Box presentation in Amsterdam on May 19.
Those familiar with Windows COM servers know that they come in two types, in-process and out-of-process. For this post, the former type is of interest: an in-process COM server is a dynamic link library (DLL) that a COM client instantiates when needed, usually by calling the CoCreateInstance function with the class identifier (CLSID) of that COM server. What happens then is that the COM initialization code looks up the supplied CLSID in the local registry under the key HKEY_CLASSES_ROOT\CLSID and finds the path to the DLL under the InProcServer32 subkey. It then expands any environment variable references in the obtained DLL path and calls LoadLibrary with the resulting path. Whatever happens afterwards is of no interest to us here.
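The lookup chain described above (CLSID, InProcServer32 path, environment-variable expansion, LoadLibrary) is exactly what a defender wants to audit: a DLL path that contains a variable the client process cannot expand, a bare file name that LoadLibrary has to resolve through its search order, or a path under a user-writable directory is a registration worth a second look. The following Python script is an added example, not code from the original post or from Acros Security; it works offline on a constructed fragment in the format of a `reg export HKCR\CLSID` file and a constructed environment table (the CLSIDs, DLL names, paths and the `SAMPLE_ENV` values are all made up), and mimics ExpandEnvironmentStrings by leaving unknown `%VAR%` references in place.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of a `reg export HKCR\CLSID` file.
# The CLSIDs, DLL names and paths are made up for illustration only.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}]
@="Example Shell Extension"

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}\InProcServer32]
@="%SystemRoot%\\system32\\example.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000002}\InProcServer32]
@="%LOCALAPPDATA%\\Vendor\\helper.dll"

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000003}\InProcServer32]
@="helper.dll"

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000004}\InProcServer32]
@="%UNKNOWN_VAR%\\lib\\plugin.dll"
"""

# Constructed environment standing in for what ExpandEnvironmentStrings would
# see in the COM client process. Keys are upper-cased because Windows variable
# names are case-insensitive.
SAMPLE_ENV = {
    "SYSTEMROOT": r"C:\Windows",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\alice",
}

# Variables whose values point at directories a standard user can write to.
USER_WRITABLE_VARS = ("LOCALAPPDATA", "APPDATA", "TEMP", "USERPROFILE")

_KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$")
_DEFAULT_VALUE_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')
_ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")  # drive letter or UNC prefix


def _unescape_reg_string(value: str) -> str:
    """Undo the .reg file escaping of backslashes and double quotes."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def find_inproc_servers(reg_text: str) -> Dict[str, str]:
    """Map each CLSID to the raw (unexpanded) DLL path stored as the default
    value of its InProcServer32 subkey."""
    servers: Dict[str, str] = {}
    current_clsid = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = _KEY_RE.match(line)
            current_clsid = m.group(1) if m else None
            continue
        if current_clsid is not None:
            m = _DEFAULT_VALUE_RE.match(line)
            if m:
                servers[current_clsid] = _unescape_reg_string(m.group(1))
    return servers


def expand_env(path: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references like ExpandEnvironmentStrings: known variables
    are substituted, unknown ones are left in the string untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def audit_path(raw_path: str, env: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return the path LoadLibrary would receive plus a list of findings."""
    expanded = expand_env(raw_path, env)
    findings: List[str] = []
    if "%" in expanded:
        findings.append("unresolved environment variable; LoadLibrary receives the literal %...% text")
    elif not _ABS_PATH_RE.match(expanded):
        findings.append("relative path; LoadLibrary resolves it through the DLL search order")
    lowered = expanded.lower()
    for var in USER_WRITABLE_VARS:
        prefix = env.get(var, "").lower()
        if prefix and lowered.startswith(prefix + "\\"):
            findings.append(f"DLL lives under a user-writable directory (%{var}%)")
            break
    return expanded, findings


def audit_inproc_servers(reg_text: str, env: Dict[str, str]) -> Dict[str, Tuple[str, List[str]]]:
    """Audit every InProcServer32 registration found in a .reg export."""
    return {clsid: audit_path(raw, env) for clsid, raw in find_inproc_servers(reg_text).items()}


if __name__ == "__main__":
    for clsid, (path, findings) in audit_inproc_servers(SAMPLE_REG_EXPORT, SAMPLE_ENV).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{clsid}  {path}\n    {status}")
```

On a real system the input would come from `reg export HKCR\CLSID clsid.reg` and the environment from the account whose processes load the servers; the parser only reads the default value of each InProcServer32 key, which is the value the lookup described above uses.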