Windows — COM (Component Object Model)
COM (Component Object Model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact with each other. COM is the foundation technology for Microsoft’s OLE (compound documents) and ActiveX (Internet-enabled components) technologies. These objects can be within a single process, in other processes, even on remote computers. (https://learn.microsoft.com/en-us/windows/win32/com/component-object-model--com--portal).
COM was introduced by Microsoft in 1993. It is used for IPC (Inter Process Communication) in a variety of programming languages. Also, COM allows the reuse of objects without any knowledge of their internal implementation, it forces implementing a well-defined interfaces that are separated from the implementation (https://en.wikipedia.org/wiki/Component_Object_Model).
Let us go over a small example of using COM. Excel uses COM to enable users to create/modify/save/share excel files. By using COM we don’t need to understand the binary format of excel files in order to perform the different operations. You can see a demonstration for that in the screenshot below.
Moreover, COM objects are registered with the operating system so they could be loaded in the future. The magic behind that is CLSID (Class ID). A CLSID is a globally unique identifier that identifies a COM class object. If your server or container allows linking to its embedded objects, you need to register a CLSID for each supported class of objects (https://learn.microsoft.com/en-us/windows/win32/com/clsid-key-hklm).
CLSID is stored in the registry under HKEY_CLASSES_ROOT\CLSID\{CLSID value}. (https://www.trendmicro.com/vinfo/us/security/definition/clsid). It is used by the operating system to locate the appropriate code for loading. For examples of CLSIDs I suggest going over the following link
https://www.elevenforum.com/t/list-of-windows-11-clsid-key-guid-shortcuts.1075/.
They are several related technologies that we are going to talk about in future writeups: COM+, DCOM, Windows Runtime (aka WinRT), XPCOM (aka nano-COM), .NET framework, DEC/RPC, OLE, ActiveX, MSRPC and DDE. For more information I suggest reading the following link https://learn.microsoft.com/en-us/windows/win32/com/component-object-model--com--portal.
See you next time ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru).