[DotGNU]How mscoree.dll works

[Rhys Weatherley]

I've performed some investigations into how Microsoft's "mscoree.dll" works to 
auto-launch the CLR when an IL program is executed directly by name.

The version of the DLL that is installed in C:\WINNT\System32 (on my w2k box 
with the latest .NET Framework SDK installed) seems to contain a bunch of 
stubs.  Each entry point loads another DLL and then passes control to that 
instead.  e.g.  this is what "_CorExeMain" looks like, more or less (ignoring 
error handling):

    int _CorExeMain()
    {
        HINSTANCE hInst = GetRealEngine();
        LPVOID addr = GetProcAddress(hInst, "_CorExeMain");
        return (*addr)();
    }

i.e. it finds the "real" engine DLL, and passes control to it.  The 
"GetRealEngine" function (a name that I made up - it probably isn't actually 
called that) appears to look in the registry for the actual runtime engine.  
But that's basically where I got stumped.  I wasn't able to figure out which 
registry settings were being used.

So, it does look relatively promising - if we can figure out which registry 
settings are being read, we could theoretically provide a 
"pnet/MS/Mono/Rotor" switching program to allow the user to switch between 
engines easily, with each engine providing its own "real engine" DLL.  
Alternatively, we can replace "mscoree.dll" with our own version that handles 
switching.

Since I'm not really a Windows internals person, I'm basically stumped at this 
point.  I'd appreciate any assistance from the community in tracking this 
down further.

Cheers,

Rhys.