I came across this entry by a pure chance. I was testing some software (sorry, can’t reveal which one) and noticed that at some stage it tried to read the following WOW6432Node entry from the Registry:<\/p>\n\n\n\n
HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\BidInterface\\Loader
:Path=?<\/p><\/blockquote>\n\n\n\nOf course, anytime I see something like this I immediately test it as it is an opportunity to document yet another persistence mechanism. My quick test confirmed we can modify this value to load our DLL of choice when the aforementioned software starts. <\/p>\n\n\n\n
Now… this entry is not software-specific. In fact, the tested software does talk to the databases a lot. And after a quick googling exercise I discovered why I saw this artifact in my logs – the key is documented and is used for ADO.NET<\/a> Tracing<\/a>.<\/p>\n\n\n\n
Of course, it works in a non-WOW set up too:<\/p>\n\n\n\n
HKLM\\SOFTWARE\\Microsoft\\BidInterface\\Loader
:Path=?<\/p><\/blockquote>\n\n\n\nSo you can either do the tracing, or load a badness. Your choice.<\/p>\n","protected":false},"excerpt":{"rendered":"
I came across this entry by a pure chance. I was testing some software (sorry, can’t reveal which one) and noticed that at some stage it tried to read the following WOW6432Node entry from the Registry: HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\BidInterface\\Loader:Path=? Of course, anytime … Continue reading