Spying on COM objects

I set myself a new task, which includes "spying" on COM objects.

Even if you are not running COM, you are probably familiar with API connection methods, where you can connect to an imported function and execute your own code before calling the original. Capturing the API is somewhat complicated, but it quickly becomes messy (too messy for production code, IMO) if you try to connect to COM object methods.

So, for now, to do "my job", I have installed the API for CoCreateInstance, and I am sending handwritten proxies for the interfaces that interest me. For now there are not many interfaces, but this is not the most suitable solution.

Is there a way to do this in a neater way, preferably without using an API connection?

On another note, this article seems to work great: http://www.ddj.com/windows/184416546?pgno=5, but the binary doesn't work anymore (I think it was written around Win98 time). Does anyone know its insides and can point me in the right direction to make it work again?

Thanks

+6
windows com hook
2 answers

I would recommend using Keith Brown's Universal Delegator to perform low-level interception. The ComTrace tool mentioned by Kim Grasman uses it. It allows you to wrap an arbitrary COM object in a wrapper that can perform interception, logging, etc. The original articles (with code) describing the Universal Delegator are here and here.

If you want to track COM objects in arbitrary processes (you don’t have a source), you will also need to enter code using CreateRemoteThread() or something similar. There is an article here that can get you started if you haven't already.

+2
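The wrapper idea discussed in this thread, as an added example that is not part of the original posts and is not code from ComTrace or the Universal Delegator. It is a portable stand-in for COM (`IUnknownLike`, `ICalc`, `Calc`, `CalcSpy` and `WrapCalc` are hypothetical names, and string IIDs replace real GUIDs) showing a handwritten logging proxy that forwards calls and returns itself from `QueryInterface` so the caller never obtains the unwrapped pointer.

```cpp
// Added illustration: portable stand-in for COM, not real COM headers or project code.
#include <iostream>
#include <string>
#include <vector>

struct IUnknownLike {                       // hypothetical stand-in for IUnknown
    virtual bool QueryInterface(const std::string& iid, void** out) = 0;
    virtual unsigned long AddRef() = 0;
    virtual unsigned long Release() = 0;
    virtual ~IUnknownLike() = default;
};
struct ICalc : IUnknownLike { virtual int Add(int a, int b) = 0; };

class Calc : public ICalc {                 // the object being observed
    unsigned long refs_ = 1;
public:
    bool QueryInterface(const std::string& iid, void** out) override {
        if (iid != "IUnknown" && iid != "ICalc") { *out = nullptr; return false; }
        *out = static_cast<ICalc*>(this); AddRef(); return true;
    }
    unsigned long AddRef() override { return ++refs_; }
    unsigned long Release() override { unsigned long r = --refs_; if (!r) delete this; return r; }
    int Add(int a, int b) override { return a + b; }
};

class CalcSpy : public ICalc {              // handwritten proxy: log, then forward
    ICalc* inner_; std::vector<std::string>* log_; unsigned long refs_ = 1;
public:
    CalcSpy(ICalc* inner, std::vector<std::string>* log) : inner_(inner), log_(log) { inner_->AddRef(); }
    bool QueryInterface(const std::string& iid, void** out) override {
        log_->push_back("QueryInterface(" + iid + ")");
        void* p = nullptr;
        if (!inner_->QueryInterface(iid, &p)) { *out = nullptr; return false; }
        static_cast<ICalc*>(p)->Release();  // drop the inner reference just taken
        *out = static_cast<ICalc*>(this); AddRef(); return true;  // hand out the proxy, not the inner pointer
    }
    unsigned long AddRef() override { return ++refs_; }
    unsigned long Release() override { unsigned long r = --refs_; if (!r) { inner_->Release(); delete this; } return r; }
    int Add(int a, int b) override {
        int r = inner_->Add(a, b);
        log_->push_back("Add(" + std::to_string(a) + ", " + std::to_string(b) + ") -> " + std::to_string(r));
        return r;
    }
};
// What a creation hook does with the new object: swap it for the proxy, which now owns it.
ICalc* WrapCalc(ICalc* inner, std::vector<std::string>* log) { ICalc* spy = new CalcSpy(inner, log); inner->Release(); return spy; }

int main() {
    std::vector<std::string> log; ICalc* c = WrapCalc(new Calc(), &log);
    c->Add(2, 3); c->Release();
    for (const auto& l : log) std::cout << l << "\n";
}
```

A per-interface proxy like this has to be written again for every interface, which is the maintenance cost the question describes.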

I don't have a definitive answer, but I know a guy who could :)

Jonas Blunck's tools are dedicated to intercepting at different levels. His ComTrace is based on Keith Brown's technique, if I remember correctly, and sounded similar to what you are doing, except that it analyzes type libraries and headers for dynamically tracking interfaces.

We wrote the Developer Playground together (I mainly did the UI). It is based on connecting the API, and I know that Jonas said he wanted to redesign ComTrace to use the same library of API connections, because it gave the best "permission" to intercept.

I don’t know what you want to use it for, but I suggest you check out Jonas's tools and shoot him an email - he can push you in the right direction.

+3