{"id":13754791,"url":"https://github.com/abarbatei/ida-utils","last_synced_at":"2026-04-05T11:34:22.227Z","repository":{"id":153867292,"uuid":"137677379","full_name":"abarbatei/ida-utils","owner":"abarbatei","description":"links, information and helper scripts for IDA Pro","archived":false,"fork":false,"pushed_at":"2018-06-21T22:12:16.000Z","size":7,"stargazers_count":16,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-16T08:33:10.727Z","etag":null,"topics":["com","ida"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abarbatei.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-06-17T18:35:44.000Z","updated_at":"2024-06-04T21:49:58.000Z","dependencies_parsed_at":"2024-01-13T02:51:40.685Z","dependency_job_id":"53a61924-a9b7-469d-afea-1603251efe2b","html_url":"https://github.com/abarbatei/ida-utils","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abarbatei%2Fida-utils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abarbatei%2Fida-utils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abarbatei%2Fida-utils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abarbatei%2Fida-utils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abarbatei","download_url":"https://codeload.github.com/abarbatei/ida-utils/tar.gz/refs/heads/maste
r","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253346377,"owners_count":21894263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["com","ida"],"created_at":"2024-08-03T10:00:34.216Z","updated_at":"2026-04-05T11:34:22.215Z","avatar_url":"https://github.com/abarbatei.png","language":null,"readme":"# ida-utils\r\n\r\nA small but brave and growing collection of advice, links and observations regarding reverse engineering using IDA Pro.\r\n\r\n## Reversing COM binaries\r\n\r\n### Understanding COM objects/binaries\r\n\r\n[COM](https://msdn.microsoft.com/en-us/library/windows/desktop/ms694363(v=vs.85).aspx) - Component Object Model\r\n\r\nhttps://www.codeproject.com/Articles/13601/COM-in-plain-C\r\n- one of the best articles I have read. I highly recommend it\r\n\r\nhttps://reverseengineering.stackexchange.com/questions/13282/ida-pro-list-com-methods\r\n- a very informative thread\r\n\r\nhttp://bytepointer.com/resources/index.htm\r\n- a very interesting site. 
Highly recommend all the articles regarding COM\r\n\r\nhttp://www.moserware.com/2008/01/finally-understanding-com-after.html\r\n- interesting article with references to other good links for understanding COM\r\n\r\nhttp://www.moserware.com/2009/04/using-obscure-windows-com-apis-in-net.html\r\n- interesting article referenced in the previous recommendation\r\n\r\nCOM functions reside in ole32.dll `C:\\Windows\\System32\\ole32.dll`\r\n\r\nMore information regarding COM can be found everywhere since [it is as old as me](https://en.wikipedia.org/wiki/Component_Object_Model).\r\n\r\n\r\n### COM reversing tools\r\n\r\n- [IDA Pro](https://www.hex-rays.com/products/ida/) :smile:\r\n- [Win32 Python COM module](http://timgolden.me.uk/pywin32-docs/pythoncom.html)\r\n- [RCE COM Tools library](http://www.woodmann.com/collaborative/tools/index.php/Category:COM_Tools)\r\n- [Microsoft OLE-COM Object Viewer](https://msdn.microsoft.com/en-us/library/windows/desktop/ms688269(v=vs.85).aspx)\r\n    - the binary comes with the Windows SDK. 
On my machine, I found the binary as follows (path and sample MD5 hash):\r\n\r\n```\r\nC:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.17134.0\\arm64\\oleview.exe - dd683d280b74d2cc2e6a31a574ac6da0\r\nC:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.17134.0\\x64\\oleview.exe   - 3cec2bf41e410926f62e189bef547d30\r\nC:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.17134.0\\x86\\oleview.exe   - 0eeccd530de75c398329a1ba0194614f\r\n```\r\n\r\n### Using IDA Pro\r\n\r\n#### Types\r\n\r\nAs ashamed as I am, I must admit I originally did not know in what type library (if any) I could find the IDA structures relating to COM.\r\n\r\nFirst I used IDA's load header feature to load headers such as [guiddef.h](https://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/shared/guiddef.h).\r\nThe files are originally found when installing the Windows SDK (in my case they were in `C:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.17134.0`).\r\nInitially I found most of my required headers, online, [here](https://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/) for example.\r\n\r\nA second attempt was to create an IDA .til file. Not knowing all the header files I would need I parsed the 133 function pages displayed here: [MSDN list of functions that are provided by COM.](https://msdn.microsoft.com/en-us/library/windows/desktop/ms680586(v=vs.85).aspx) to find out that all the functions were exported by:\r\n```\r\nCallobj.h\r\nCombaseapi.h\r\nGuidDef.h\r\nMessagedispatcherapi.h\r\nObjbase.h\r\nOle2.h\r\nOlectl.h\r\nROApi.h\r\nUrlmon.h\r\n```\r\nwhich I subsequently collected from the SDK in order to build into the .til. 
At this point I realised the types were probably in a Visual Studio type library, something that IDA has.\r\n\r\nThe type library I was looking for was:\r\n`vc9 - Visual Studio v9 headers (without windows.h)`\r\nThe header files are also found in `vc6win - Visual C++` but with a different flavor.\r\n\r\nOne could have used something similar to `for /R %i in (*.til) do (tilib.exe -lc \"%i\" | grep GUID -c | grep -v 0)` to find any referenced target structures, but where would the reverse engineering fun in that be?\r\n\r\nAfter loading the type library and doing a type change, such beauty beholds, an example:\r\n![IUnknown](/resources/IUnknown_type.png)\r\n\r\n#### Scripts\r\nHaven't found many.\r\n\r\n- https://github.com/noobdoesre/py-com-tools\r\n\r\n#### Plugins\r\n\r\nIDA already comes with:\r\n\r\n- [Dieter Spaar's COM Interface Plugin](https://www.hex-rays.com/products/ida/support/download.shtml)\r\n\r\n- [Class Informer](https://sourceforge.net/projects/classinformer/) plugin by Sirmabus that can help reconstruct RTTI information for your COM object. It requires IDA Pro 6.9 or greater.\r\n\r\n","funding_links":[],"categories":["\u003ca id=\"c39a6d8598dde6abfeef43faf931beb5\"\u003e\u003c/a\u003e未分类"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabarbatei%2Fida-utils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabarbatei%2Fida-utils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabarbatei%2Fida-utils/lists"}