Hacking into DLLs [ COM ]

This is especially useful when you want to use someone else's DLLs.
1) Open the DLL in the Windows dependency viewer:
You should see the following if it's a COM DLL.
This is basically related to COM. If you go through COM tutorials you will know about this.
2) Next, open the DLL you need in OLEViewer. Normally you would see it as below:
Click on the icon as shown below:
After clicking on that, open the COM DLL. You would see the IDL file as below:
Save the above as an IDL file.
3) Next you would need a tlb file.
You can generate the tlb file with the midl tool present in Microsoft Visual Studio. I generated it on MS Visual Studio 2005 [vc8].
4) C:\Program Files\Microsoft Visual Studio 8\vc\bin>midl ClientCOM.IDL /tlb client.tlb
5) You can also generate the header file for this by using the /h switch instead of /tlb, with the extension .h.
6) After this, create a new VC++ project. Add this header file and the tlb to the project.
7) Initialize COM:


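    #include <windows.h>
    #include <objbase.h>
    // plus the header generated by midl in step 5

    // Signature of the DllGetClassObject export of a COM dll
    typedef HRESULT ( STDAPICALLTYPE *typedefDllobject )( REFCLSID rclsid, REFIID riid, LPVOID * ppv );

    // The statements below go inside the function that does the work.
    // Initialize COM: try apartment threaded first, then multithreaded
    if( !( SUCCEEDED( CoInitializeEx( 0, COINIT_APARTMENTTHREADED ) ) || SUCCEEDED( CoInitializeEx( 0, COINIT_MULTITHREADED ) ) ) )
    {
        return error;
    }

    IClassFactory*    classInterface = NULL;
    typedefDllobject  memberDllclassobject = NULL;
    HMODULE hLib = NULL;
    // the name of the interface is present in the idl files
    // also it can be got from the oleviewer
    theNameoftheinterfaceyougot* interfaceName = NULL;

    // pathtodll should be a full path, so the DLL search order is never consulted
    hLib = LoadLibrary( pathtodll );
    // check for success
    if( !hLib )
    {
        return error;
    }
    if( ( memberDllclassobject = ( typedefDllobject ) GetProcAddress( hLib, "DllGetClassObject" ) ) == NULL )
    {
        FreeLibrary( hLib );
        return error;
    }
    HRESULT hr = E_FAIL;
    // Get class information (nameofthedll is the coclass from the IDL)
    hr = memberDllclassobject( __uuidof( nameofthedll ), __uuidof( IClassFactory ), (void**)&classInterface );
    if ( SUCCEEDED( hr ) )
    {
        // Get the class now (Iapi is the interface from the IDL, the type of interfaceName)
        hr = classInterface->CreateInstance( NULL, __uuidof( Iapi ), (void**)&interfaceName );
        classInterface->Release();
        if ( SUCCEEDED( hr ) )
        {
            // Initialize the license
            VARIANT variants;
            VariantInit( &variants );
            // call your functions, using variant
            hr = interfaceName->functionName( variants );
            VariantClear( &variants );
            interfaceName->Release();
        }
    }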

What I am basically doing is loading the DLL, initializing COM and then calling the methods. Pretty easy to do.
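
The check in step 1 can also be done without loading the DLL, which matters when the file is not trusted, because LoadLibrary runs the DLL's entry point. The added example below (not part of the original post) parses the PE export table and looks for DllGetClassObject, the export the code above resolves with GetProcAddress. The function names and the sample image are assumptions constructed for this example.

```python
import struct

def export_names(pe: bytes) -> list:
    """Exported names of a PE image, read by parsing only; nothing is loaded or run."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                  # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)   # NumberOfSections, SizeOfOptionalHeader
    opt = nt + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    exp_rva = struct.unpack_from("<I", pe, opt + (112 if pe32plus else 96))[0]
    if exp_rva == 0:
        return []                                               # no export directory
    secs = [struct.unpack_from("<8xIIII", pe, opt + opt_size + 40 * i) for i in range(nsec)]

    def off(rva):                                               # RVA -> file offset
        for vsize, va, rawsize, rawptr in secs:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA outside all sections")
    count, names_rva = struct.unpack_from("<I4xI", pe, off(exp_rva) + 24)
    names = []
    for i in range(count):
        p = off(struct.unpack_from("<I", pe, off(names_rva + 4 * i))[0])
        names.append(pe[p:pe.index(b"\0", p)].decode("ascii", "replace"))
    return names

def is_inproc_com_server(pe: bytes) -> bool:
    return "DllGetClassObject" in export_names(pe)

def build_sample(names, va=0x1000, raw=0x200):
    """Constructed input: a minimal, non-loadable PE32 holding only an export name table."""
    ptrs = blob = b""
    for n in names:
        ptrs += struct.pack("<I", va + 40 + 4 * len(names) + len(blob))
        blob += n.encode() + b"\0"
    body = struct.pack("<24xI4xI4x", len(names), va + 40) + ptrs + blob
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
           + struct.pack("<HH12xHH", 0x14C, 1, 224, 0x2102)     # COFF header
           + struct.pack("<H90xI", 0x10B, 16)                    # PE32 optional header
           + struct.pack("<II", va, len(body)) + bytes(15 * 8)   # data directories
           + struct.pack("<8sIIII16x", b".rdata", len(body), va, len(body), raw))
    return hdr.ljust(raw, b"\0") + body

SAMPLE = build_sample(["DllCanUnloadNow", "DllGetClassObject",
                       "DllRegisterServer", "DllUnregisterServer"])
print(export_names(SAMPLE), is_inproc_com_server(SAMPLE))
```

For a real file, pass the bytes read from disk to export_names; a truncated or malformed image raises ValueError or struct.error instead of returning names.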
