Recent User32 <=> windowClass assembly findings

Nikolay Sivov bunglehead at
Sun Dec 20 09:16:17 CST 2009

Hopefully my first attempt to implement class redirection wasn't committed
cause it's definitely incomplete.

After some testing I've got new info here (to be added to patch comments 
1) not statically linked sxs module is loaded not only on window 
creation but
   on GetClassInfo() (GetClassInfoEx() is to be tested but I think it's 
the same).
   This is a case only on vista+ systems, xp doesn't attempt to load 
assembly on
2) "versioned" attribute in windowClass element affects redirection 
    when set to "no" user32 doesn't try to load assembly at all.

Second problem requires a FindActCtxSectionString() to actually fill key 
with undocumented format, I did some dumping basing on length value 
similar way it's done for dll redirection test (with a dword pointer) 
and useful
fields are actually obvious - such as classname and module name.

First problem stops me cause I don't know what way to prefer here.
Any advices are welcome.

P.S. Maybe it helps - native returned class data in case of vista+ and 
comctl32 v6
contains pointers to winproc as "FFFFxxxx" format, high word is 
constant. Personally
I don't know what is supposed to mean, builtin classes without 
redirection don't show
such patterns.

