What is DCOM? Working and Features

Software components can interact with one another across many computers on a local area network (LAN), a wide area network (WAN), or the internet thanks to Distributed Component Object Model (DCOM), an extension of the Component Object Model (COM). In order to distribute COM-based apps in a way that is not achievable with COM alone, Microsoft built DCOM.

 

COM has served as the cornerstone for many Microsoft technologies and products throughout the years. For the purpose of developing reusable software components that may communicate with one another at runtime, COM provides a binary interoperability standard. This comprises a common protocol and wire format used by COM objects to communicate with one another when executing on various hardware elements.

 

By allowing clients and components to interact even when they are located on separate computers, DCOM expands COM. DCOM uses a network protocol in place of the local interprocess communication seen in conventional COM communication to help with this communication. In actuality, DCOM offers a longer wire than COM, but neither the client nor the component are aware of this.

 

Also Read | Li-Fi Technology- Everything You Need to Know

 

What is DCOM?

 

The Distributed Component Object Model, commonly known as DCOM, is a technology for component-based, network-aware software development. DCOM is a technique for component-based, network-aware programme development. 

 

Developers may use Component Object Model (COM) components to build network-aware applications using Distributed Component Object Model (DCOM). TCP/IP is just one of the network transports that DCOM is compatible with.

 

DCOM is a client/server protocol that gives COM distributed network services. As a result, software components that support DCOM may connect with one another across a network in a manner similar to how COM components communicate with one another on a single system.

 

DCOM client objects use a common set of interfaces to request services from DCOM server objects located on various networked devices. Direct server object calls are not permitted from client objects. Instead, the operating system intercepts the DCOM request and employs remote procedure calls (RPCs) and other interprocess communication techniques to offer a transparent communication channel between the client and server objects.

 

The appropriate object-oriented services are provided to the client and server objects by the COM runtime. The security provider and RPCs are also utilized by the COM runtime to produce network packets that adhere to the DCOM standard. 

 

DCOM queries are sent via RPCs in Microsoft Windows NT and Windows 2000. Permissions, a security feature used by Windows NT and Windows 2000, make it possible for programme components to interact safely and dependably over networks.

 

An enormous variety of changes have been made to the object-oriented and distributed component-oriented paradigms during the past two decades. The Distributed Component Object Model was created by Microsoft to meet this need. DCOM is a Component Object Model extension that may be defined like COM with the addition of a long wire (COM).

 

Using the Object Distant Procedure Call protocol, DCOM, or Distributed Component Object Model, assists remote objects (ORPC). Every day in networked situations, 10 million individuals use Windows. 

 

The major goal of DCOM, which is already widely utilized, is to facilitate the construction of components that may interact with one another and be dynamically activated. Implementations of interfaces provide the basis of the DCOM object model.

 

Why is DCOM necessary?

 

DCOM is still a part of the Windows operating system and symbolizes the number of Windows services that communicate, such as the Microsoft Management Console, despite the fact that it has not succeeded in becoming the Internet's standard protocol (MMC).

 

Hackers can use DCOM to attack your network from many angles and obtain more data since it can run applications on other machines. Because it is not using malware or hacking tools, this behavior may be challenging to spot: PowerShell is all that is needed to access DCOM.

 

The Component Object Model is extended by DCOM (COM). The Component Object Model describes the interactions between components and their customers. Without the aid of another system component, the client and the component can communicate with one another through this interaction.

 

Consider the scenario where DCOM switches the local Inter-process communication with a network protocol when the client and component are present on different computers. The cable connecting them has recently grown somewhat longer, but neither the client nor the components are aware of it.

 

The DCOM wire-protocol standard is complied with by the COM run-time, which also offers object-oriented services to clients and components and creates standard network packets using RPC and the security provider.

 

The entire object model is completely built on an object-based programming approach to enable this reusable software component. Due to the object model's inability to provide inheritance, selection is made using it instead, hence the architecture described above is successful in preventing the fragile base class syndrome that may occur in other models.

 

When a class acquires individuals or behaviors from another class, the fragile base class syndrome manifests. The class that provides behavior and member functions that is acknowledged as the base class will be recognized as the derived class. 

 

The behaviour and member functions of a derived class will alter when changes are made to the members and functionality of the base class. Finally, changing the base class is required, which in turn necessitates compiling all dependent classes.

 

Also Read | Insider Threat: Meaning, Types and Protection Against It

 

Working of DCOM

 

DCOM requires that COM objects be configured correctly on both computer systems in order for it to function, and you seldom ever need to remove and reinstall items in order to get them to function properly for a specific purpose. DCOM configuration data is stored in the Windows Registry as three different identifiers: CLSID, PROGID, and APPID.

 

1. CLSID

 

A globally unique identifier, often known as a GUID, called CLSID (Class Identifier) is used to generate a unique identifier for an entity. Windows saves this CLSID for each setup class ‌a programme uses to carry out a certain operation. You need the correct CLSID to start a class so that Windows knows where to look and where to find the application.

 

2. PROGID

 

A programmer may substitute the programmatic identifier, or PROGID, for any complicated and stringent CLSID. It is optional or non-mandatory. The majority of the time, PROGIDs are simpler to read and comprehend. There are no limitations on the number of PROGIDs that can have the same name, which occasionally causes issues.

 

3. APPID

 

Every accessible app has an Application Identifier, or APPID, which is a form of unique identifier. App IDs aid in the security and authentication of your apps. It lists all the classes that make up an identical executable as well as the access rights needed to access it. If the APPID is incorrect, DCOM cannot function; thus, in order for DCOM to function properly, the APPID must be accurate.

 

Differences between COM and DCOM

 

1. Adversaries may utilise the Distributed Component Object Model to communicate with distant computers using Valid Accounts (DCOM). The opponent is then able to operate in the user's place.

 

2. A part of the native Windows application programming interface (API) that permits communication between executable programmes that implements one or more interfaces or software objects is called the Windows Component Object Model (COM). 

 

3. A client object can call methods of server objects, which are often Dynamic Link Libraries (DLL) or executables, using the Component Object Model (COM) (EXE). Using remote procedure call (RPC) technology, distributed COM (DCOM) is transparent middleware that expands the capabilities of COM outside of a local computer.

 

4. Access control lists (ACL) in the Registry define the rights to interact with COM objects on local and distant servers. By default, COM objects using DCOM can only be remotely activated and launched by Administrators.

 

5. Office applications and other Windows objects that employ insecure techniques are vulnerable to remote arbitrary and direct shellcode execution by adversaries using DCOM when they are functioning in the context of a user with the necessary privileges.

 

6. A malicious document is not necessary for DCOM to run macros in existing documents or to activate Dynamic Data Exchange (DDE) execution through a COM-created instance of a Microsoft Office application. DCOM can be used as a way to communicate with Windows Management Instrumentation from a distance.

 

Also Read | What is Attack Surface Management?

 

Features of DCOM

 

A client component and a server part make up the distributed apps. In a typical server component of such an application, a number of distributed objects are defined, and clients are given access to them by gaining references to them. 

 

The client component requests a reference to one or more objects from the server component, then invokes those objects' methods. RMI-P4 offers the means for communication between the client and server components.

 

The RMI-P4 supports the features listed below that a distributed object model-based application needs:

---

Features of DCOM

---

1. Find the dispersed item

 

Either by adding distributed objects to a naming system or by passing distributed objects as arguments or return values to methods, you may gain references to distributed objects in your application. The J2EE Engine's Naming System, which is a JNDI implementation, is used by the RMI-P4 to gain an initial reference to the distributed object rather than the normal RMI registry.

 

2. Engage dispersed items in conversation

 

Behind the P4 protocol's implementation lie the specifics of the actual communication. Programmatically speaking, this communication is identical to calling a local method as is.

 

3. Assemble items sent across a communication

 

The existence of methods for remote class loading is implied by the transmission of objects between a client and server. These functionalities are offered by the RMI-P4 with only minimal restrictions as compared to the normal RMI implementation.

 

The required classes are typically downloaded over HTTP by the P4 Provider service utilizing a Web application that is deployed in the Web Container service on the J2EE Engine. You can activate a different method that downloads classes via a P4 connection if the default mechanism is not an option in your situation.

 

Also Read | What is Cloud Security?

 

Software using the Component Object Model (COM) may interact over a network thanks to a Microsoft-exclusive technique called Distributed Component Object Model (DCOM). RPC is facilitated via COM apps that are added to DCOM, and a Distributed Computing Environment (DCE) specifically designed to handle Windows applications and platforms.

 

Traditional COM components can only execute interprocess communication within the same machine's process boundaries. When COM components (i.e Clients and servers) are connected to the same network, DCOM leverages the Remote-Procedure-Call-RPC (RPC) protocol to transmit and receive data transparently.