COM (Component Object Model) objects are a way to let processes call other processes. A process, that needs to call someone else loads a COM.dll into it’s address space.
Functions to get COM funcs: OleInitialize
and ColnitializeEx
. Pass CLSID
(class id, 16 bytes GUID) / IID
(interface id) to a CoCreateInstance
. OS searches for a program that has this functionality. Returns a pointer to a function.
ð In IDA Pro use Add Standart Structure -> Add -> Interface Name Vtbl. Example:
WebBrowser2Vtbl
. Right-click the offset and change to WebBrowser2Vtbl.Navigate. IDA will label the parameters.
These CLSIDs are unique and listed here: HKLM\Software\Classes\CLSID
and HKCU\Software\Classes\CLSID
. Also lists the path to the dll to the object.