DCOM is a programming construct that allows a computer to run programs on another computer over the network as if the program were running locally. DCOM is an acronym that stands for Distributed Component Object Model. DCOM is a proprietary Microsoft software component that allows COM objects to communicate with each other over the network.

What is the Distributed Component Object Model (DCOM)?

As an extension of COM, DCOM solves some inherent problems with the COM model to improve usage over a network.

Marshalling: Marshalling solves the need to pass data from one COM object instance to another on a different computer; in programming terms, this is called “passing arguments”. For example, if we want the last name Mueller, we have to call the COM object LastName with the argument of Mueller. The LastName function would use a Remote Procedure Call (RPC) to ask the other COM object on the target server for the return value of LastName(Mueller), and it would send the response, Beeblebrox, back to the first COM object.

Distributed Garbage Collection: Distributed garbage collection is designed specifically to scale DCOM to support high-volume Internet traffic. It also provides a way to destroy and reclaim DCOM objects that have been closed or abandoned, to avoid exhausting memory on web servers. In turn, it communicates with the other servers in the transaction chain to let them know that they can get rid of objects associated with a transaction.

Using DCE/RPC as the underlying RPC mechanism: To achieve the previous points and scale to support high-volume web traffic, Microsoft implemented DCE/RPC as the base technology for DCOM – where the D in DCOM came from.

How does DCOM work?

For DCOM to work, the COM object must be correctly configured on both computers – in our experience, they rarely were, and you had to uninstall the objects several times to make them work.

The Windows registry contains the DCOM configuration data in 3 identifiers:

  • CLSID – The Class Identifier (CLSID) is a Globally Unique Identifier (GUID). Windows stores a CLSID for each installed class in a program. If you need to run a class, you need the correct CLSID so that Windows knows where to go to find the program.
  • PROGID – The Programmatic Identifier (PROGID) is an optional identifier that a programmer can use in place of the more complicated and stricter CLSID. PROGIDs are usually easier to read and understand. A basic PROGID for our previous example could be Hitchiker.LastName. There are no restrictions on how many PROGIDs can have the same name, which occasionally causes problems.
  • APPID – The Application Identifier (APPID) identifies all classes that are part of the same executable file and the permissions required to access them. DCOM cannot work if the APPID is incorrect. You are likely to receive permission errors when you try to create the remote object.

A simple DCOM transaction looks like this:

  • The client computer requests the remote computer to create an object via its CLSID or PROGID. When the client passes the APPID, the remote computer looks up the CLSID using the PROGID.
  • The remote computer checks the APPID and checks whether the client has permissions to create the object.
  • DCOMLaunch.exe (if an exe) or DLLHOST.exe (if a dll) creates an instance of the class that the client computer requested.
  • Communication is successful.
  • The client can now access all the functions of the class on the remote computer.
  • If the APPID is not configured correctly, or the client does not have the correct permissions, or the CLSID points to an old version of the exe, or any number of other problems occur, you may receive the unpopular message “Can't create Object”.
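
The lookup chain in the steps above (PROGID or CLSID, then APPID, then the permission check), as an added example that is not code from the original article. It runs over a constructed registry snapshot; the status names, the snapshot layout and the placeholder GUIDs are assumptions made for illustration, as is the treatment of an APPID key without a LaunchPermission value as falling back to the machine-wide default launch ACL.

```python
import re

GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def g(c):
    """Build a constructed placeholder GUID from one hex digit."""
    return "{" + "-".join(c * n for n in (8, 4, 4, 4, 12)) + "}"

# Constructed snapshot (not from a real host), mirroring HKEY_CLASSES_ROOT:
# <ProgID>\CLSID, the "AppID" value under CLSID\{guid}, and AppID\{guid}.
SNAPSHOT = {
    "progid": {"Hitchiker.LastName": g("1"), "Hitchiker.Default": g("2"),
               "Hitchiker.Local": g("3"), "Hitchiker.Stale": g("4"),
               "Hitchiker.Broken": g("5")},
    "clsid": {g("1"): g("A"), g("2"): g("B"), g("3"): None, g("5"): g("C")},
    "appid": {g("A"): {"LaunchPermission": b"\x01\x00\x04\x80"},  # dummy bytes
              g("B"): {}},
}

def resolve(ref, snap=SNAPSHOT):
    """Follow PROGID/CLSID -> APPID -> launch ACL; return (status, detail)."""
    clsid = ref if GUID.match(ref) else snap["progid"].get(ref)
    if clsid is None:
        return ("unknown-progid", ref)
    if clsid not in snap["clsid"]:
        return ("clsid-not-registered", clsid)   # PROGID points nowhere
    appid = snap["clsid"][clsid]
    if appid is None:
        return ("no-appid", clsid)               # no APPID to check against
    if appid not in snap["appid"]:
        return ("appid-key-missing", appid)      # dangling APPID reference
    if "LaunchPermission" in snap["appid"][appid]:
        return ("per-app-acl", appid)            # class has its own launch ACL
    return ("machine-default-acl", appid)        # assumed fallback to default

def audit(snap=SNAPSHOT):
    """Group every registered PROGID by the outcome of resolve()."""
    groups = {}
    for progid in sorted(snap["progid"]):
        groups.setdefault(resolve(progid, snap)[0], []).append(progid)
    return groups

if __name__ == "__main__":
    for status, names in audit().items():
        print(f"{status:22} {', '.join(names)}")
```

The broken-chain statuses correspond to the misconfigurations the last step lists, while the two ACL statuses identify classes whose launch permissions are worth reviewing.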

DCOM vs. CORBA

Common Object Request Broker Architecture (CORBA) is a Java-based application and functions essentially like DCOM. Unlike DCOM, CORBA is not bound to a specific operating system (OS) and works on UNIX, Linux, SUN, OS X and other UNIX-based platforms.

Neither has proven to be secure or scalable enough to become a standard for high-volume web traffic. DCOM and CORBA did not work well with firewalls, making HTTP the standard protocol for the Internet.

Why is DCOM necessary?

DCOM has not won the battle to become the standard protocol for the Internet, but it remains integrated into the Windows operating system and is how a number of Windows services communicate, such as the Microsoft Management Console (MMC).

Because DCOM can run programs on other computers, hackers can use it for lateral movement across your network and gain access to more data. This activity can be difficult to detect because it involves no malware or hacking tools: all that is required to access DCOM is PowerShell.
