Digg this topic Add to my del.icio.us Submit to SlashDot 8 Pages V   1 2 3 > »   
Reply to this topicStart new topic
> dll and ocx
MedEvil
post Jul 25 2007, 11:27 AM
Post #1


Advanced Member
***

Group: .script developer
Posts: 1,270
Joined: 29-December 06
Member No.: 2,192



When a program requires a certain dll from system32, it's usually good enough, to copy that dll into the application folder, to make the app more 'portable'.
However those stupid ocx files make trouble. It seems like they refuse to work without the proper registry keys.

Any bright ideas how to get them to work? Best without having to write to registry first.

(IMG:../forums/style_emoticons/default/cheers.gif)
Go to the top of the page
 
+Quote Post
Nuno Brito
post Jul 25 2007, 12:03 PM
Post #2


Advanced Member
***

Group: .script developer
Posts: 4,203
Joined: 13-July 06
From: Azores
Member No.: 1


Portugal


Hi MedEvil, I join your doubts about this question.


I've been trying to find a way to register OCX files inside a target windows but it seems that there isn't a specific way of doing this task.

RegSVR32 has to be used and it will do the appropriate installation of the DLL or OCX file.

http://www.microsoft.com/resources/documen...2.mspx?mfr=true

Would be really great to have a way to do this without resorting to regsvr32 and apply it on the hives and system32 folder that we're creating.. (IMG:../forums/style_emoticons/default/smile.gif)

---------------------------------

Looking on microsoft.com - they've documented how this process works and even posted a snippet that can be used as example: http://support.microsoft.com/kb/207132/en

QUOTE
RegSvr32.exe calls the following Win32 functions in this order:
OleInitialize
LoadLibrary to load the DLL
DllRegisterServer or DllUnregisterServer
FreeLibrary
OleUninitialize
Most often, RegSvr32.exe fails because the LoadLibrary, DllRegisterServer, or DllUnregisterServer function fails. LoadLibrary can fail if the DLL is not in the specified path, or if the specified path is incorrect. LoadLibrary can also fail if one of the dependencies of the DLL that you are trying to load is not met; in other words, if a dependent DLL is not present or is not in the specified path.

NOTE: You can use the Depends.exe tool to check whether or not all of the dependencies of your DLL are met. Depends.exe is included with the Microsoft Platform Software Development Kit (SDK), which ships with Microsoft Visual Studio.

Your DLL must implement DllRegisterServer and DllUnregisterServer, which contain the logic that is necessary to add or delete the required registry entries for the COM component. RegSvr32.exe finds the entry point to these functions, and calls them appropriately.


OCX also seems capable to be intercepted - I don't have any experience with this part, but can't these functions be recorded on the host machine and then replicated on the target windows? (IMG:../forums/style_emoticons/default/huh.gif)

http://support.microsoft.com/kb/249873/en

Maybe some developers can better make use of this information and develop an alternative to regsvr32 that can register OCX and DLL files into our target windows.

(IMG:../forums/style_emoticons/default/cheers.gif)

This post has been edited by Nuno Brito: Jul 25 2007, 12:10 PM
Reason for edit: Added info from MS KB
Go to the top of the page
 
+Quote Post
Moon Goon
post Jul 25 2007, 12:03 PM
Post #3


Advanced Member
***

Group: Advanced user
Posts: 181
Joined: 1-August 06
Member No.: 95



I think you could make a batch file like this:

REGSVR32.EXE BOOBERSNAP.OCX
FLOGDOLP.EXE


BOOBERSNAP.OCX
being your OLE Control Extension and FLOGDOLP.EXE being the program to run.

Unfortunately, the whole point of REGSVR32.EXE is to mess with the registry, so I'm not sure how it would run under a PE environment.

UPDATE: Looks like Nuno posted a better answer at the same time I did (IMG:../forums/style_emoticons/default/tongue.gif)

Okay, then my second suggestion is to use InstallRite from WinPE and
A. Install the program and capture its changes to create an instant install *just* for WinPE. Or
B. Install the programs and capture its changes so you can figure out how to manually integrate the files/registry changes needed.

I think this is a link to a WinBuilder script for Installrite:
http://www.boot-land.net/forums/index.php?showtopic=2537
Go to the top of the page
 
+Quote Post
MedEvil
post Jul 25 2007, 01:12 PM
Post #4


Advanced Member
***

Group: .script developer
Posts: 1,270
Joined: 29-December 06
Member No.: 2,192



The ocx problem is solvable unter PE, by using the registry i guess.
My problem lies more in another area.
I create my BootCDs in a way that gives me not only access to my apps, when i booted from CD, but also under real XP via autostart und NuMenu.

Though most apps i use are not greenware and write to the registry of the 'host' system, they do not write data that can cause trouble. But those ocx entries can and do. Besides that, the problem exists that upon registring, my versions possibly overwrite the settings for the installed ones. (IMG:../forums/style_emoticons/default/thumbdown.gif)

(IMG:../forums/style_emoticons/default/cheers.gif)
Go to the top of the page
 
+Quote Post
jaclaz
post Jul 25 2007, 07:05 PM
Post #5


Finder
***

Group: Advanced user
Posts: 1,129
Joined: 14-July 06
Member No.: 2


Italy


FYI:
http://www.softcircuits.com/sw_apps.htm
QUOTE
Control Registration Utility 2.00
RegCtrls (Register Controls) allows you to selectively register and unregister OLE controls with the system registry. RegCtrls is a GUI replacement for Microsoft's REGSVR32 command-line utility. RegCtrls uses its Windows interface to provide easier access to features and also provides functionality not available with Microsoft's command-line utility.


http://staff.develop.com/shawnv/reggie/readme.html
QUOTE
Reggie
an alternative to Microsoft's RegSvr32.exe (and RegTLib.exe)


http://www.ureader.com/message/1084868.aspx
QUOTE
I wrote some code that would essentially do the following:

- build a list of registry keys to monitor
- run DllUnregisterServer on the DLL
- capture the state of monitored registry keys
- run DllRegisterServer on the DLL
- build a difference list of monitored keys

This is incorporated into izfree, but I don't know how useful that
would be to you. You can look at the vbscript and see how the
izMonitor.exe COM object works and maybe repurpose it to your own
needs. <http://izfree.sourceforge.net>


http://izfree.sourceforge.net/

jaclaz
Go to the top of the page
 
+Quote Post
psc
post Jul 25 2007, 07:13 PM
Post #6


Guru
***

Group: .script developer
Posts: 3,043
Joined: 14-July 06
From: Korschenbroich, Germany
Member No.: 3


Germany


It looks like that besides MedEvil nobody understood the real issue:

It is possible to install in the PE an autostart, RunOnce or similar mechanism which does the regsrv32 <myDLL>

But currently there is no way known to register the OCX / DLL into a remote hive inside %TargetDir% or to register it into a hive which is mounted as "WB-HIVE" in the local registry.
That must be done w/o changing the local registry.

The first choice would (with many OCXSes) enlarge the boot time remarkably.
The second choice would be done once during PE build and has no effect on boot time.

Peter
Go to the top of the page
 
+Quote Post
Nuno Brito
post Jul 25 2007, 09:47 PM
Post #7


Advanced Member
***

Group: .script developer
Posts: 4,203
Joined: 13-July 06
From: Azores
Member No.: 1


Portugal


I think we'all understood what MedEvil meant, but Jaclaz gave very good hints to fetch some good answers.. (IMG:../forums/style_emoticons/default/smile.gif)

While reading the pages mentioned by him I've stumbled on this interesting comment here:
QUOTE
Re: Capture Registry Keys from Regsvr32.exe

I did something a while back - it's here:

http://www.installsite.org/pages/en/msi/tips.htm

scroll down to Capture Self Registration Information. It uses the Windows
2000 API RegOverridePredefKey to cause the registry entries to redirect to
another location.
--
Phil Wilson [MVP Windows Installer]



Looking on the site mentioned: http://www.installsite.org/pages/en/msi/tips.htm

QUOTE
RegSpy

This program (formerly known as RegIt) captures COM registration entries for DLLs, OCXs and EXE COM servers. In general, it works by using the RegOverridePredefKey on Windows 2000 to redirect registry entries to another registry area.

1. It takes the path to the Dll as a command line argument.
2. Loads the Dll and looks for DllRegisterServer to call.
3. Redirects HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE registry entries to
HKEY_CURRENT_USER\Software\Unisys\Registry\<dllname>\HKCR and
HKEY_CURRENT_USER\Software\Unisys\Registry\<dllname>\HKLM.

In contrast to other registry monitor solutions it doesn't need any drivers. Source code is included in the package.

Update: Now can output a .reg file for import in MSI authoring tools. Source code requires Visual Studio .NET 2003.

http://www.installsite.org/files/iswi/RegSpy2.zip

Original version (source code works with Visual Studio 6.0):
http://www.installsite.org/files/iswi/RegSpy.zip

Written by Phil Wilson



I think Jaclaz hit the jackpot, thanks for the links! (IMG:../forums/style_emoticons/default/thumbup.gif)

btw: regctrls from http://www.softcircuits.com/sw_apps.htm is a very app to disable malware "registered" in your system or just debug installed activex, quite handy.. (IMG:../forums/style_emoticons/default/smile.gif)

Go to the top of the page
 
+Quote Post
psc
post Jul 26 2007, 08:20 AM
Post #8


Guru
***

Group: .script developer
Posts: 3,043
Joined: 14-July 06
From: Korschenbroich, Germany
Member No.: 3


Germany


QUOTE(Nuno Brito @ Jul 25 2007, 11:47 PM) *
I think Jaclaz hit the jackpot, thanks for the links! (IMG:../forums/style_emoticons/default/thumbup.gif)

And Nuno took the right piece out of the jackpot: RegOverridePredefKey.

Today I'm out, but I thing tomorrow evening we have a Delphi program doing the register into a mounted hive.

Peter
Go to the top of the page
 
+Quote Post
Nuno Brito
post Jul 26 2007, 10:43 AM
Post #9


Advanced Member
***

Group: .script developer
Posts: 4,203
Joined: 13-July 06
From: Azores
Member No.: 1


Portugal


Good to hear that! (IMG:../forums/style_emoticons/default/smile.gif)

Look here too:


QUOTE
It all started when I felt the need for a tool that could :-

1. Register COM servers only for the current user
2. Create a .reg file instead of registering the COM server. I needed this for creating a windows installer package.

I found an answer for the second problem in the tool RegCap.exe which comes with Microsoft Visual Studio.NET. This tool can be found in the sub directory - \Common7\Tools\Deployment within the main installation directory of Visual Studio.NET. If you want to create a .reg file instead of registering a COM server (dll or an exe), you can simply invoke this tool from the command prompt as:-

CODE
RegCap /O OutputFile.reg MyComServer.dll

This will output all the registration entries of MyCOMServer.dll to OutputFile.reg without actually registering the COM server. This is very useful in creating windows installer packages where the best practice is not to self register a COM server. This tool is internally used by the IDE when building the setup projects.


Binary
http://www.codeproject.com/w2k/RegSvrEx/RegSvrEx_bin.zip

Source
http://www.codeproject.com/w2k/RegSvrEx/RegSvrEx_src.zip

Website
http://www.codeproject.com/w2k/regsvrex.asp - has a lot of interesting informations on how to intercept everything that is done while registrating the DLL file along with more code snippets.


More informations from MSDN: http://msdn2.microsoft.com/en-us/library/ms724901.aspx

More from Phil Wilson
http://www.ddj.com/dept/windows/184416328?pgno=1


Delphi code
CODE
function RegOverridePredefKey(hKey: HKEY; hNewKey: HKEY): Longint; stdcall;
  external advapi32 name 'RegOverridePredefKey';

procedure OverrideRegistryKey(Register: boolean);
var
  HKCU: HKEY;
  ret: integer;
begin
  if Register then
  begin
    RegOpenKeyEx(HKEY_CURRENT_USER, 'Software\Classes', 0, HEY_ALL_ACCESS, HKCU);
    try
      ret := RegOverridePredefKey(HKEY_CLASSES_ROOT, HKCU);
      if ret <> ERROR_SUCCESS  then
        ShowMessage('Error overriding HKCU:' + #13#10 + SysErrorMessage(ret));
    finally
      RegCloseKey(HKCU);
    end;
  end
  else
    RegOverridePredefKey(HKEY_CLASSES_ROOT, 0);
end;
http://www.distribucon.com/blog/default,month,2004-09.aspx


Delphi code for registering dll's (good reference?)

CODE

unit DLLRegister;

interface

function DllServer(const ADll: string; const ARegister: boolean = true): boolean;

implementation

uses
Windows, OSVersion, Registry, IsAdministrator;

type
TDllRegisterServer = function: HResult; stdcall;
TRegOverridePredefKey = function(AKey, ANewKey: HKEY): longint; stdcall;

function RegOverridePredefKey(AKey, ANewKey: HKEY): longint;
var
iDll: integer;
pROPK: TRegOverridePredefKey;
begin
Result := ERROR_INVALID_FUNCTION;
iDll := LoadLibrary(advapi32);
if iDll <> 0 then
try
pROPK := GetProcAddress(iDll, 'RegOverridePredefKey');
if Assigned(pROPK) then
Result := pROPK(AKey, ANewKey);
finally
FreeLibrary(iDll);
end;
end;

function _DllRegisterServer(const ADll: string; const ARegistering: boolean = true): boolean;
var
iDll: integer;
pDRS: TDllRegisterServer;
strRegister: string;
begin
if ARegistering then
strRegister := 'DllRegisterServer'
else
strRegister := 'DllUnregisterServer';

Result := false;
iDll := LoadLibrary(pAnsiChar(ADll));
if iDll <> 0 then
try
pDRS := GetProcAddress(iDll, PAnsiChar(strRegister));
if Assigned(pDRS) then
Result := pDRS = S_OK;
finally
FreeLibrary(iDll);
end;
end;


function OverrideRegistryKey(const ARegister: boolean): boolean;
var
hNewHive: HKEY;
begin
if ARegister then
begin
RegOpenKeyEx(HKEY_CURRENT_USER, 'Software\Classes', 0, KEY_ALL_ACCESS, hNewHive);
try
Result := RegOverridePredefKey(HKEY_CLASSES_ROOT, hNewHive) = ERROR_SUCCESS;
finally
RegCloseKey(hNewHive);
end;
end
else
Result := RegOverridePredefKey(HKEY_CLASSES_ROOT, 0) = ERROR_SUCCESS;
end;

function DllServer(const ADll: string; const ARegister: boolean = true): boolean;
var
swvVersion: TWindowsVersion;
fNT: Boolean;
begin
swvVersion := GetWindowsVersion;
fNT := (swvVersion.KernelType = wktNT) and (swvVersion.MajorVersion >= 5);
Result := false;

if fNT then
begin
if ARegister then
begin
if OverrideRegistryKey(true) then
begin
try
Result := _DllRegisterServer(ADll, ARegister);
finally
OverrideRegistryKey(false);
end;
end
else if not IsAdmin then
exit
else
Result := _DllRegisterServer(ADll, ARegister);
end
else
begin
Result := _DllRegisterServer(ADll, ARegister);
try
Result := Result or _DllRegisterServer(ADll, ARegister);
finally
OverrideRegistryKey(false);
end;
end
end
else
Result := _DllRegisterServer(ADll, ARegister);

end;

end.
http://www.koders.com/delphi/fid0AA937CD0146050725D29B500FB8155DD9F341B0.aspx


More snippets
CODE

type
// this function maps a predefined key to the argument; used for chrooting a key
// to a new hive in the registry. this only affects the calling process!
function RegOverridePredefKey(a_hKey: HKEY; // predefined key [HIVE] a_TargethKey: HKEY): Longint; stdcall; // OPEN! key. all calls to HIVE will end up here

implementation
function RegOverridePredefKey(a_hKey: HKEY; a_TargethKey: HKEY): Longint; external 'advapi32.dll' name 'RegOverridePredefKey';
http://www.delphipraxis.net/post168989.html (german forum)

Maybe this way DLL's and OCX files can directly write the target hives?


And a more recent app along with source code to export all registry entries to a .reg file (along with some explanations how it works..)
http://vagmi.supersized.org/archives/13-Sp...ry-Entries.html

QUOTE
Spying on Registry Entries

I am probably letting out the best kept secret of installation industry. I always used to wonder and have now discovered how most of the installation tools spy on registry entries that are created during COM registration or similar processes without actually affecting the build system. The spying program creates temporary registry keys for each of the registry hives HKCR, HKLM, HKCU, HKU and it maps the registry hives to these temporary registry keys. It then triggers the registration function which creates registry entries withing the registry keys specified instead of including it in the hives. I came across this revelation while I was wading through the source code for Tallow in the WIX toolset.

The core of this spying exercise relies on functions exposed by the advapi32.dll. The actual hive to key mapping is performed by the RegOverridePredefKey() function. The handle to the registry key is passed by using the RegCreateKeyEx() or the RegOpenKeyEx() function. After the mapping is done, you can invoke the DllRegisterServer() function after loading the library using the LoadLibrary() function. This mapping would be active for all the registry entries created by that particular process. So out of process registration for exe files may not directly work with this method. For the sake of simplicity, I am going to extract COM Interop settings from a given assembly. So let us write a simple console app in C# to do this. This app would perform the mapping and write the registry entries to a REG file and wipe out the key after the file is written.

Extracting registration information from a DLL file is similar but involve the importing other functions from Kernel32.dll. So I am giving that a raincheck now. You can download the Wix toolset's source package if you are interested.



Paraglider also has quite some expertise on this area..
http://www.911cd.net/forums//index.php?showtopic=5252
http://www.paraglidernc.com/plugins/runscanner.htm


(IMG:../forums/style_emoticons/default/smile.gif)
Go to the top of the page
 
+Quote Post
jaclaz
post Jul 26 2007, 02:39 PM
Post #10


Finder
***

Group: Advanced user
Posts: 1,129
Joined: 14-July 06
Member No.: 2


Italy


@psc
Let's put it this way, if we were an antivirus:
MedEvil wold be the change detection monitor
I would be the heuristic engine
Nuno would be the scanner
you would be the patching engine

(IMG:../forums/style_emoticons/default/wink.gif)

(IMG:../forums/style_emoticons/default/cheers.gif)

jaclaz
Go to the top of the page
 
+Quote Post
« Next Oldest · Suggestions and Requests · Next Newest »
 

8 Pages V   1 2 3 > » 
Fast ReplyReply to this topicStart new topic

Collapse

> Similar Topics

  Topic Replies Topic Starter Views Last Action
No New Posts Topic has attachmentsdll2.script
2 allanf 285 7th September 2007 - 05:40 AM
Last post by: allanf


 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

- Lo-Fi Version Time is now: 16th October 2007 - 07:35 AM

MKPortal ©2003-2006 mkportal.it