Where do entries from regsvr32-registered DLLs get stored

windows-7 dll regsvr32

Solution 1:

regsvr32 is basically calling LoadLibrary then DllRegisterServer in the DLL. so the actually behavior would depend on how the DLL is coded.

Most DLLs don't have a DllRegisterServer function, like the Visual C++ runtime or most Windows DLLs, thus regsvr32 won't work on them. For those that actually do, usually the expectation is that the DLL hosts home kind of COM server and in order to find a server, COM needs to have its location and capability in registry. Thus normally you would see mostly registry writes when you monitor regsvr32 in Process Monitor.

That said, a malicious DllRegisterServer can do anything to your computer. E.g. here is one that launches an installer (https://securityliterate.com/chantays-resume-investigating-a-cv-themed-zloader-malware-campaign/).

Related

Force turn on file and printer sharing
When using OpenVPN, TAP-Windows Adapter V9 says its unplugged after a few months
What type of hard drive hardware failure leads to this stripy read failure pattern?
How do I add my own entries to the new Windows 11 right click context menu?
Can I encode a PNG image losslessly to another format and decode it back into an identical file?
Exchange Online SMTP Not Working With Any Email Client
Error Installing Linux on Lenovo IdeaPad S540
How can I resume a broken SFTP download in Window 7 console?
Seeking 9-bit serial port card for Windows PC [closed]
how to export a fastlane env to the main shell environment?
Why EF navigation property return null?
ReactJS component won't update after first API call