Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
img
 
 
 
 
 
 

README.md

DumpVTable

This program generates a Python script to give public interface names in an ActiveX file to the IDA Pro database file (IDB).

Usage

>DumpVTable.exe
usage:
    >this.exe target_file out_file [-r] [-y]

    target_file: A path of a target COM file.
    out_file: A file name of an output Python script.
    -r: Register a target file as COM during analysis.
        It may require Administrators privilege.
    -y: Do not show a warning message.

As an example, assuming that you are going to analyze Flash10zr.ocx with IDA Pro.

First, you can use this tool to create a Python script (out.py).

>DumpVTable.exe C:\Windows\SysWOW64\Macromed\Flash\Flash10zr.ocx out.py

Next, you can open the target file with IDA Pro.

Before

Then, you apply the script to the IDB from [File] > [Script file] menu on IDA Pro.

After

That's it. Have fun!

Note

  • When you see the error message 'ERROR: CoCreateInstance returned 80040154', you will need to register the target file with a command line option '-r'.
  • When you see the error message 'ERROR: File mismatch []', you will need to specify as a target file.

Supported Platforms

  • Windows XP SP3
  • Windows 7 SP1
  • IDA Pro Standard version 6 and later.
  • Cannot handle 64bit target files.

License

This software is released under the MIT License, see LICENSE.

About

Generates a Python script to give public interface names in an ActiveX file to an IDB file.

Resources

License

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.