Integrating COM IPC into Existing Executables

Friday, October 6, 2017

A few days ago at work, a requirement arouse to create some form of inter-process communication (IPC) between two cooperating processes where the source code for the executables themselves already existed, so such mechanism should integrate into the existing code as easily as possible, while providing bi-directional communication. Several options were brought up, including pipes and sockets. The processes are services and have no UI, so Window messages were not an option. Other ideas included shared memory with notifications using kernel event objects... and then I suggested COM. There was a brief silence and then people started murmuring things like "COM...
tags: , , ,
no comments

Hooking COM Classes

Monday, August 7, 2017

There are some common scenarios that benefit from the ability to hook operations. The canonical example is hooking Windows API functions for debugging purposes, or for malware detection. In this scenario, some DLL is injected into a target process and then hooks relevant functions. There are several ways to do that, but that is not the focus of this post; the interested reader can search the web for more information. In the Component Object Model (COM) world, things are not so easy. Since COM is object based, it's not generally possible to get the address of a COM interface method,...
tags: , , , ,
no comments

Launching Windows Store Apps Programmatically

Saturday, October 24, 2015

Windows Apps (a.k.a. Store apps or Metro apps) run in a dedicated sandbox, providing “extra protection” from outside apps and OS as opposed to classic Windows applications. One consequence of this is that launching a Windows App using a classic CreateProcess call will generally fail. For example, if we run the Weather app that comes with Windows and look at the command line that was used to start the process (e.g. using Task Manager or Process Explorer), this is what we see: "C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe"      -ServerName:App.AppX2m6wj6jceb8yq7ppx1b3drf7yy51ha6f.mca Clearly, there...
2 comments

Writing a Simple Debugger with DbgEng.Dll

Monday, July 27, 2015

In my post on using CLRMD’s debugger engine wrappers to “debug” a dump file, I’ve shown how we can take advantage of the documented API of DbgEng.Dll – the debugger engine that drives the Microsoft debuggers – CDB, NTSD, KD and WinDbg. In this post, we’ll take a step further and create a basic functioning user mode debugger that is able to attach to a process and do “normal” debugging, somewhat similar to CDB/NTSD but with some small colorful bonuses. As you may recall, I’ve taken the CLRMD project and made some enhancements to the callback interop types...
no comments

Using CLRMD to replace KD/CDB/NTSD and maybe WinDbg?

Thursday, May 14, 2015

I’ve been using the WinDbg low level debugger for several years now when things get hairy such as looking inside a .NET process and searching for memory leaks and other nasties. Or investigating a dump file, sometimes a kernel crash dump file (created because of the infamous “blue screen of death”), or when faced with a production system where Visual Studio does not (and will not) exist. Anyone who’s ever used WinDbg (or its equivalent console based debuggers – CDB, NTSD and KD) knows the feeling of wanting to get at some information but not always sure how...
2 comments

Making COM Collections Easily Consumable by .NET

Monday, April 13, 2015

In .NET, developers are accustomed to using constructs such as foreach to iterate over collections. In .NET, “Collection” refers to two types of objects: 1. Those that implement the IEnumerable or IEnumerable<T> interface.2. objects that don’t implement these interfaces, but have a method called GetEnumerator that return some object that has the following: a. Has a MoveNext method that returns a boolean and accepts nothing.b. Has a Current property that returns the type of object that the collection provides. Notice that no IEnumerator interface implementation is required. All this means that the (e.g. C#) compiler does pattern matching...
no comments