Home/ Questions/Q 353479
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T11:50:02+00:00

I am trying to debug some exe in windbg. Now its calling some thirdparty

  • 0

I am trying to debug some exe in windbg. Now its calling some thirdparty com dll which is exposing DLLGetClassObject function.

DLLGetClassObject signature is

HRESULT __stdcall DllGetClassObject(
  __in   REFCLSID rclsid,
  __in   REFIID riid,
  __out  LPVOID *ppv
);

Looking at stack trace and arguments I can find out the class id and interface id using commands

dt GUID [address]

When I try to search these guids in registry , I am not able to find anything.

Is there something wrong? I should be able to see the com classes and interfaces id in regsitry.
Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Probably… If you follow the callstack, is DllGetClassObject invoked by any COM runtime function (CoCreateInstance, CoGetClassObject)?

    If so, your CLSID should be found under HKEY_CLASSES_ROOT/CLSID. The interfaces aren’t necessarily registered.

    Note that there’s nothing to prevent an app from loading a DLL and calling DllGetClassObject manually, as long as it knows the threading model requirements of the object to be created.

    • 0