Can an out-of-process COM object determine its parent process?

Question

From an out-of-process COM object (LocalServer32) can I determine the client process that requested the creation of the object? - to be specific I need to get hold of the client processes command line.

This question arrises because (due to poor standardisation, implementation and support) the potential 3rd party clients of the object have a variety of idiosyncracies which the object needs to workaround.

To do this the object needs to be able to identify its current client.

Extending the interface of the COM object so that the client can identify itself is unfortunately not possible ... or to be more precise the interface can be extended but I won't be able to get the clients to call the extension.

Answer 1

Because COM server processes are shared by all clients of the same AppID, it's not possible to actually get the PID of the client application. As @Anders said, you can use CoImpersonateClient (or, better, call CoGetCallContext and interrogate the resulting IServerSecurity) to find the account and login session of the caller, but you cannot get the process itself.

If you are trying to work around bugs in legacy clients, I would recommend you create a new set of CLSIDs (or IIDs, if you can emulate all the bugs the legacy clients rely on with shims) for new (non-legacy) clients with VERY strict input validation, and implement new features only in these new CLSIDs. Legacy clients stick with their older CLSID, in which you can simply use the existing, legacy implementation (or a bug-for-bug compatible clone).

Answer 2

Maybe CoImpersonateClient()

Answer 3

Having looked into this further I suspect the answer is going to be "NO", but by all means tell me I'm wrong.

Using Process Explorer I can see that the parent process for my COM object is an instance of "svchost.exe", and not the client application.