1 little known secret of regsvr32.exe, take two

There is an archaic feature that regsvr32.exe leverages to autoregister libraries associated with file extensions.

For this to work, it expects an AutoRegister key to be present under the file extension handler, with a default value pointing to the library, for example:

file extension entry: txt -> txtfile
file handler: txtfile
autoregister entry: txtfile\AutoRegister\{Default}=<Library>

As such, one can use regsvr32.exe to load a library of their choice without passing it as a command line argument to the program!

Let’s see an example for the txtfile:

reg add HKEY_CLASSES_ROOT\txtfile\AutoRegister /ve /d c:\test\bar.dll

echo > foo.txt

regsvr32 foo.txt

The AutoRegister feature requires the library supporting this feature to export a function called DllRegisterServerEx, but in my example I didn’t even bother as I just wanted to demo the DllMain Load…

1 little known secret of runonce.exe (32-bit)

When you execute the 32-bit version of runonce.exe on a 64-bit version of Windows and pass it the /RunOnceEx6432 argument, you will make the program load the iernonce.dll library and execute its RunOnceExProcess API…

Since the iernonce.dll library is loaded using LoadLibraryW, we can simply copy runonce.exe to a different folder and run it from there. This will load an iernonce.dll library that we control…
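
A detection sketch covering both tricks above, added here as an example and not part of the original posts: it flags regsvr32.exe invoked on a non-library file, writes to an AutoRegister default value, and runonce.exe run with /RunOnceEx6432 or from outside the system directories. The event field names (Image, CommandLine, TargetObject, modelled on Sysmon-style events), the extension allowlist and the sample events are assumptions made for the example.

```python
import ntpath
import shlex

# Assumption: extensions normally registered with regsvr32; tune per environment.
LIBRARY_EXTS = {".dll", ".ocx", ".cpl", ".ax"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def check_event(ev):
    """Return findings for one process-creation or registry-value-set event."""
    findings = []
    image = ev.get("Image", "").lower()
    exe = ntpath.basename(image)
    # posix=False keeps backslashes in Windows paths intact; drop argv[0].
    args = [a.strip('"') for a in shlex.split(ev.get("CommandLine", ""), posix=False)][1:]
    if exe == "regsvr32.exe":
        # Switches start with / or -; anything else is the file to register.
        targets = [a for a in args if a and a[0] not in "/-"]
        if any(ntpath.splitext(t)[1].lower() not in LIBRARY_EXTS for t in targets):
            findings.append("regsvr32-nonlibrary-target")
    if exe == "runonce.exe":
        if any(a.lower() == "/runonceex6432" for a in args):
            findings.append("runonce-6432-switch")
        # Per the post, a relocated copy loads an iernonce.dll the caller controls.
        if ntpath.dirname(image) not in SYSTEM_DIRS:
            findings.append("runonce-outside-system-dir")
    # Registry write to the default value of any <handler>\AutoRegister key.
    if ev.get("TargetObject", "").lower().endswith("\\autoregister\\(default)"):
        findings.append("autoregister-value-set")
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe", "CommandLine": r"regsvr32 foo.txt"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 /s C:\apps\vendor\plugin.dll"},
    {"TargetObject": r"HKCR\txtfile\AutoRegister\(Default)", "Details": r"c:\test\bar.dll"},
    {"Image": r"C:\test\runonce.exe", "CommandLine": r"runonce.exe /RunOnceEx6432"},
    {"Image": r"C:\Windows\SysWOW64\runonce.exe", "CommandLine": r"C:\Windows\SysWOW64\runonce.exe"},
]

def scan(events):
    """Return (index, findings) for every event that produced a finding."""
    return [(i, f) for i, f in enumerate(map(check_event, events)) if f]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS):
        print(idx, found)
```

Matching on the image file name misses renamed copies; where the telemetry carries the binary's original file name from its version resource, match on that instead.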