OBJREF

Last updated

OBJREF is the name of the structure of marshalled interfaces in COM and DCOM. Because COM interfaces can only be called directly from the context (like a thread, process or machine) where they originated, when they are needed in another context they are marshalled in this structure, which is then passed to the destination context where it is unmarshalled to a proxy that takes care of the necessary communication, for example passing messages or network packets or marshalling other interfaces passed in calls. [1] [2]

Format

The layout of the structure is as follows: [3] [4]

OffsetSizeDescription
04Signature: 'MEOW'
44Flag indicating the kind of structure
816 Interface identifier
Flag = 1: standard
244Flags, mostly reserved for the system, but can be used to turn off pinging objects. [5]
284 Reference count
328OXID – object exporter identifier [6]
408OID – object identifier [6]
4816IPID – interface pointer identifier [7]
64variableDUALSTRINGARRAY
Flag = 2: handler (an extension of standard) [8]
6416 Class identifier of a class that will be used as a handler for the interface, i.e. sit between the client and the proxy.
80variableDUALSTRINGARRAY
Flag = 4: custom marshalling [9]
2416Class identifier of the custom proxy
4040 (reserved value)
444Size of the data below
48variableCustom marshalling data
Flag = 8: extended (also an extension of standard) [10]
644Signature 'VYSN'
68variableDUALSTRINGARRAY
 41 (historically the number of data elements below, but there always is only a single element)
 4Signature 'VYSN'
Data element used to identify and marshal an envoy context: [11] [12] [13]
 16Context identifier [14]
 4Size of the data below, excluding padding
 4Size of the data below, including padding
 8nA marshalled envoy context, padded to a multiple of eight bytes

The layout of DUALSTRINGARRAY is: [15] [16]

OffsetSizeDescription
02Total number of entries in the arrays below, including nulls
22Number of entries in the array that represent string bindings
42nString and security bindings

The string bindings are null-terminated records specifying connection information, like IP addresses, and the security bindings are null-terminated records specifying authentication information. Both arrays are null-terminated too.

Related Research Articles

VBScript is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It allows Microsoft Windows system administrators to generate powerful tools for managing computers with error handling, subroutines, and other advanced programming constructs. It can give the user complete control over many aspects of their computing environment.

Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication between software components on networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+ application server infrastructure.

Object Linking & Embedding (OLE) is a proprietary technology developed by Microsoft that allows embedding and linking to documents and other objects. For developers, it brought OLE Control Extension (OCX), a way to develop and use custom user interface elements. On a technical level, an OLE object is any object that implements the IOleObject interface, possibly along with a wide range of other interfaces, depending on the object's needs.

In computer programming, the term magic number has multiple meanings. It could refer to one or more of the following:

Windows Management Instrumentation (WMI) consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF).

The Active Template Library (ATL) is a set of template-based C++ classes developed by Microsoft, intended to simplify the programming of Component Object Model (COM) objects. The COM support in Microsoft Visual C++ allows developers to create a variety of COM objects, OLE Automation servers, and ActiveX controls. ATL includes an object wizard that sets up primary structure of the objects quickly with a minimum of hand coding. On the COM client side ATL provides smart pointers that deal with COM reference counting. The library makes heavy use of the curiously recurring template pattern.

Microsoft Data Access Components framework

Microsoft Data Access Components is a framework of interrelated Microsoft technologies that allows programmers a uniform and comprehensive way of developing applications that can access almost any data store. Its components include: ActiveX Data Objects (ADO), OLE DB, and Open Database Connectivity (ODBC). There have been several deprecated components as well, such as the Microsoft Jet Database Engine, MSDASQL, and Remote Data Services (RDS). Some components have also become obsolete, such as the former Data Access Objects API and Remote Data Objects.

Microsoft RPC is a modified version of DCE/RPC. Additions include partial support for UCS-2 strings, implicit handles, and complex calculations in the variable-length string and structure paradigms already present in DCE/RPC.

Dynamic-link library (DLL) is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension DLL, OCX, or DRV . The file formats for DLLs are the same as for Windows EXE files – that is, Portable Executable (PE) for 32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can contain code, data, and resources, in any combination.

Windows Firewall

Windows Firewall, is a firewall component of Microsoft Windows. It was first included in Windows XP and Windows Server 2003. Prior to the release of Windows XP Service Pack 2 in 2004, it was known as Internet Connection Firewall. With the release of Windows 10 version 1709 in September 2017, it was renamed Windows Defender Firewall.

The X Window System core protocol is the base protocol of the X Window System, which is a networked windowing system for bitmap displays used to build graphical user interfaces on Unix, Unix-like, and other operating systems. The X Window System is based on a client–server model: a single server controls the input/output hardware, such as the screen, the keyboard, and the mouse; all application programs act as clients, interacting with the user and with the other clients via the server. This interaction is regulated by the X Window System core protocol. Other protocols related to the X Window System exist, both built at the top of the X Window System core protocol or as separate protocols.

In Microsoft Windows applications programming, OLE Automation is an inter-process communication mechanism created by Microsoft. It is based on a subset of Component Object Model (COM) that was intended for use by scripting languages – originally Visual Basic – but now is used by several languages on Windows. All automation objects are required to implement the IDispatch interface. It provides an infrastructure whereby applications called automation controllers can access and manipulate shared automation objects that are exported by other applications. It supersedes Dynamic Data Exchange (DDE), an older mechanism for applications to control one another. As with DDE, in OLE Automation the automation controller is the "client" and the application exporting the automation objects is the "server".

A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of an application running in the node.

.NET Remoting is a Microsoft application programming interface (API) for interprocess communication released in 2002 with the 1.0 version of .NET Framework. It is one in a series of Microsoft technologies that began in 1990 with the first version of Object Linking and Embedding (OLE) for 16-bit Windows. Intermediate steps in the development of these technologies were Component Object Model (COM) released in 1993 and updated in 1995 as COM-95, Distributed Component Object Model (DCOM), released in 1997, and COM+ with its Microsoft Transaction Server (MTS), released in 2000. It is now superseded by Windows Communication Foundation (WCF), which is part of the .NET Framework 3.0.

Variant is a data type in certain programming languages, particularly Visual Basic, OCaml, Delphi and C++ when using the Component Object Model.

Windows Task Scheduler

Task Scheduler is a component of Microsoft Windows that provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals: job scheduling. It was first introduced in the Microsoft Plus! for Windows 95 as System Agent but was renamed to Task Scheduler in Internet Explorer 4.0 and Windows 98. The Windows Event Log service must be running before the Task Scheduler starts up.

Security Support Provider Interface (SSPI) is a component of Windows API that performs a security-related operations such as authentication.

Windows Search, formerly known as Windows Desktop Search on Windows XP and Windows Server 2003, is a system-wide desktop search feature of Microsoft Windows.


Component Object Model (COM) is a binary-interface standard for software components introduced by Microsoft in 1993. It is used to enable inter-process communication object creation in a large range of programming languages. COM is the basis for several other Microsoft technologies and frameworks, including OLE, OLE Automation, Browser Helper Object, ActiveX, COM+, DCOM, the Windows shell, DirectX, UMDF and Windows Runtime. The essence of COM is a language-neutral way of implementing objects that can be used in environments different from the one in which they were created, even across machine boundaries. For well-authored components, COM allows reuse of objects with no knowledge of their internal implementation, as it forces component implementers to provide well-defined interfaces that are separated from the implementation. The different allocation semantics of languages are accommodated by making objects responsible for their own creation and destruction through reference-counting. Type conversion casting between different interfaces of an object is achieved through the QueryInterface method. The preferred method of "inheritance" within COM is the creation of sub-objects to which method "calls" are delegated.

Windows Runtime (WinRT) is a platform-agnostic application and component architecture first introduced in Windows 8 and Windows Server 2012 in 2012. WinRT supports development in C++/WinRT, C++/CX, Rust/WinRT, JavaScript-TypeScript, and CLI languages such as C# and Visual Basic .NET (VB.NET). WinRT applications natively support both the x86 and ARM processors however native apps need to be separately compiled for each architecture, and may run inside a sandboxed environment to allow greater security and stability. WinRT components are designed with interoperability among multiple languages and APIs in mind, including native, managed and scripting languages.

References

  1. Tim Ewald (2001-03-06). "The Mechanics of COM+". Informit. Pearson Education & Addison-Wesley Professional. Retrieved 2008-09-07.
  2. Mike Hearn (2005-01-22). "More DCOM notes". Wine Developer's List. Codeweavers. Retrieved 2008-09-07.
  3. "dcom.idl". Wine. CodeWeavers. 2003. Retrieved 2008-09-06.
  4. Dharma Shukla (1998). "ShowMeMyOBJREF" . Retrieved 2008-09-07. (This is example code to inspect the contents of an OBJREF.)
  5. Eddon, Guy; Eddon, Henry (March 1998). "Understanding the DCOM Wire Protocol by Analyzing Network Data Packets". Microsoft Systems Journal. Microsoft. Retrieved 2008-09-07.
  6. 1 2 "Windows Protocols Master Glossary: O". MSDN. Microsoft. Retrieved 2008-09-06. object exporter identifier (OXID): A 64-bit number that uniquely identifies an object exporter within an object server. … object identifier (OID): (1) In the context of an object server, a 64-bit number that uniquely identifies an object.
  7. "Windows Protocols Master Glossary: I". MSDN. Microsoft. Retrieved 2008-09-06. interface pointer identifier (IPID): A 128-bit number that uniquely identifies an interface on an object within an object exporter.
  8. "OBJREF_HANDLER". MSDN. Microsoft. Retrieved 2008-09-06.
  9. "OBJREF_CUSTOM". MSDN. Microsoft. Retrieved 2008-09-07.
  10. "OBJREF_EXTENDED". MSDN. Microsoft. Retrieved 2008-09-06.
  11. "Context Properties". MSDN. Microsoft. Retrieved 2008-09-07.
  12. "Context Properties and Marshaling". MSDN. Microsoft. Retrieved 2008-09-07.
  13. "Windows Protocols Master Glossary: E". MSDN. Microsoft. Retrieved 2008-09-07. envoy context: A context that is marshaled and returned to a client as a result of obtaining an object reference.
  14. "Windows Protocols Master Glossary: C". MSDN. Microsoft. Retrieved 2008-09-07. context: A collection of context properties that describe an execution environment. sqq.
  15. "DUALSTRINGARRAY". MSDN. Microsoft. Retrieved 2008-09-06.
  16. Eddon, Guy; Eddon, Henry (1999). "Marshaled Interface Pointers". In Stroo, Eric; Turner, Alice; Young, Marc; Chang, Ina (eds.). Inside COM+ Base Services. Redmond: Microsoft Press. ISBN   0-7356-0728-1.