One of the better marshalling mechanisms I've seen in my career involved two client side applications. The first exe essentially allowed the user to browse records in a database and invoke another executable to operate on selected records. The second exe was invoked via out of proc COM which is normal enough.
But rather than pass the id of the record or a record set or something via the COM interface that the first app was already using to interact with the second, the first app wrote the record id in a "known" location in the registry. The second app would look at that known location, connect to the database and retrieve the record by that id.
Both side of the equation were controlled by the same team so there was no issue with a COM contract that couldn't be changed. It was written back in the 95 days so of course used local_machine instead of current_user so this came to light with a "doesn't work if not admin" on NT.
But in full disclosure did I change the COM interface and pass the id that way? Of course not. I changed the registry path in both apps, recompiled and marked it fixed.