Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fboldewin/com-code-helper
Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code
https://github.com/fboldewin/com-code-helper
Last synced: about 2 months ago
JSON representation
Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code
- Host: GitHub
- URL: https://github.com/fboldewin/com-code-helper
- Owner: fboldewin
- Created: 2019-11-22T13:59:30.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-10-05T13:59:17.000Z (almost 4 years ago)
- Last Synced: 2024-04-12T20:38:45.250Z (6 months ago)
- Language: Python
- Homepage:
- Size: 1.99 MB
- Stars: 178
- Watchers: 13
- Forks: 35
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# COM-Code-Helper
Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code
Especially malware reversers will find this useful, as COM Code is still regularly found in malware.
# ClassAndInterfaceToNames.py
This IDAPython script scans an idb file for class and interfaces UUIDs and creates the matching structure and its name.
Make sure to copy interfaces.txt + classes.txt is in the same directory as ClassAndInterfaceToNames.py
# Microsoft-SDK-Vtable-Structs.py
This IDAPython script creates vtables derrived from Microsoft SDK.
Execution of the script takes a while, as lot of structures are created. After the script finished, go to the COM code
you like to reconstruct, press 'T' and select the correct vtable-structure.
To learn about COM check out the Microsoft website:
https://docs.microsoft.com/en-us/windows/win32/com/the-component-object-model
Code was tested on IDA 7.4 and Python versions 2+3
