Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
693 views
in Technique by (71.8m points)

windows - Spying on COM Objects

I've set myself a new task which involves "spying" on COM objects.

Even if you don't do COM, you're probably familiar with API hooking techniques where you can hook onto an imported function and execute your own code before calling the original. API hooking is somewhat complex but it quickly gets messy (too messy for production code IMO) if you try to hook onto COM Object Methods.

So, at the moment, to do "my job", I set an API hook for CoCreateInstance and I dispatch hand-written proxies for the interfaces that I am interested in. Now that's not a lot of interfaces but it's not the neatest of solutions either.

Is there a way to do this in a neater way, preferably without using API hooking?

On another note, this article seems to be great work http://www.ddj.com/windows/184416546?pgno=5 but the binary doesn't work anymore (I guess it was written around Win98 time). Does anyone know the internals of it and can point me in the right direction to make it work again?

Thanks


Fight dragons for too long and you become a dragon yourself; gaze into the abyss for too long and the abyss gazes back…
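The approach described in the question (intercept object creation, then hand the client a hand-written proxy that logs and forwards each call) as an added example; it is not code from the post, the linked article or ComTrace. It assumes portable stand-ins so that it builds without Windows headers: `IUnknownLike`, a hypothetical `ICalc` interface, string IIDs, and `CreateInstanceTraced` in place of the hooked `CoCreateInstance`.

```cpp
#include <cstring>
#include <string>
#include <vector>
// Portable stand-ins for IUnknown and a hypothetical ICalc interface (assumptions).
struct IUnknownLike {
    virtual long QueryInterface(const char* iid, void** out) = 0;
    virtual unsigned long AddRef() = 0;
    virtual unsigned long Release() = 0;
    virtual ~IUnknownLike() {}
};
struct ICalc : IUnknownLike { virtual int Add(int a, int b) = 0; };
std::vector<std::string> g_trace;  // call log written by the proxy
static bool Known(const char* iid) { return !std::strcmp(iid, "IUnknown") || !std::strcmp(iid, "ICalc"); }

struct RealCalc : ICalc {  // the object the client actually asked for
    unsigned long refs = 1;
    long QueryInterface(const char* iid, void** out) override {
        if (!Known(iid)) { *out = nullptr; return -1; }
        *out = static_cast<ICalc*>(this); AddRef(); return 0;
    }
    unsigned long AddRef() override { return ++refs; }
    unsigned long Release() override { unsigned long r = --refs; if (!r) delete this; return r; }
    int Add(int a, int b) override { return a + b; }
};
struct CalcProxy : ICalc {  // hand-written proxy: log, then forward
    ICalc* inner; unsigned long refs = 1;
    explicit CalcProxy(ICalc* p) : inner(p) {}  // takes over the creator's reference
    long QueryInterface(const char* iid, void** out) override {
        g_trace.push_back(std::string("QueryInterface ") + iid);
        // Known interfaces resolve to the proxy, so the client stays inside tracing.
        if (Known(iid)) { *out = static_cast<ICalc*>(this); AddRef(); return 0; }
        return inner->QueryInterface(iid, out);  // no proxy for it: raw object, untraced
    }
    unsigned long AddRef() override { return ++refs; }
    unsigned long Release() override {  // the last release also drops the real object
        unsigned long r = --refs; if (!r) { inner->Release(); delete this; } return r;
    }
    int Add(int a, int b) override {
        int r = inner->Add(a, b);
        g_trace.push_back("Add(" + std::to_string(a) + "," + std::to_string(b) + ") -> " + std::to_string(r));
        return r;
    }
};
// Stand-in for the hooked CoCreateInstance: build the real object, return a proxy.
long CreateInstanceTraced(const char* iid, void** out) {
    *out = nullptr;
    if (std::strcmp(iid, "ICalc")) return -1;  // only the interface we have a proxy for
    *out = static_cast<ICalc*>(new CalcProxy(new RealCalc()));
    return 0;
}
```

Any interface without a proxy falls through to the real object and is no longer traced, which is why this approach needs one hand-written proxy per interface of interest.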

1 Answer

0 votes
by (71.8m points)

I don't have a definitive answer, but I know a guy who might :)

Jonas Blunck's tools are all about interception at different levels. His ComTrace is based on Keith Brown's technique, if I recall correctly, and sounds similar to what you're doing, except he parses type libraries and headers to keep track of interfaces dynamically.

We wrote Developer Playground together (I mostly did UI). It's based on API hooking, and I know Jonas said he wanted to rework ComTrace to use the same API hooking library, because it gave the best "resolution" for interception.

I don't know what you want to use this for, but I suggest you check out Jonas' tools and shoot him an e-mail - he might be able to prod you in the right direction.

