Skip to content
Permalink
Browse files

Added a generic interface to surface GUIDs. Also added symbol files f…

…or latest 1809.
  • Loading branch information...
James Forshaw
James Forshaw committed Aug 19, 2019
1 parent 3d8b9cc commit e2f1897322bcaae0e040438a3e5043f90533b610
@@ -2613,7 +2613,7 @@ internal COMMethodEntry(string name, string address, string symbol)
}
}

public class COMIPIDEntry : IProxyFormatter
public class COMIPIDEntry : IProxyFormatter, IComGuid
{
private readonly COMRegistry m_registry;

@@ -2659,6 +2659,8 @@ public bool IsRunning
public int ProcessId => COMUtilities.GetProcessIdFromIPid(Ipid);
public string ProcessName => COMUtilities.GetProcessNameById(ProcessId);

Guid IComGuid.ComGuid => Ipid;

public byte[] ToObjref()
{
MemoryStream stm = new MemoryStream();
@@ -162,7 +162,7 @@ public override string ToString()
}
}

public class COMAppIDEntry : IComparable<COMAppIDEntry>, IXmlSerializable, ICOMAccessSecurity
public class COMAppIDEntry : IComparable<COMAppIDEntry>, IXmlSerializable, ICOMAccessSecurity, IComGuid
{
internal COMAppIDEntry(Guid appId, RegistryKey key, COMRegistry registry) : this(registry)
{
@@ -402,6 +402,8 @@ public PreferredServerBitness PreferredServerBitness

string ICOMAccessSecurity.DefaultLaunchPermission => Database.DefaultLaunchPermission;

Guid IComGuid.ComGuid => AppId;

public override string ToString()
{
return Name;
@@ -509,7 +509,7 @@ public interface ICOMClassEntry
bool SupportsRemoteActivation { get; }
}

public class COMCLSIDEntry : IComparable<COMCLSIDEntry>, IXmlSerializable, ICOMClassEntry, ICOMAccessSecurity
public class COMCLSIDEntry : IComparable<COMCLSIDEntry>, IXmlSerializable, ICOMClassEntry, ICOMAccessSecurity, IComGuid
{
private List<COMInterfaceInstance> m_interfaces;
private List<COMInterfaceInstance> m_factory_interfaces;
@@ -1243,6 +1243,8 @@ public object CreateClassFactory(CLSCTX dwContext, string server)

string ICOMAccessSecurity.DefaultLaunchPermission => Database.DefaultLaunchPermission;

Guid IComGuid.ComGuid => Clsid;

public override string ToString()
{
return Name;
@@ -23,7 +23,7 @@

namespace OleViewDotNet.Database
{
public class COMCategory : IXmlSerializable
public class COMCategory : IXmlSerializable, IComGuid
{
private readonly COMRegistry m_registry;

@@ -38,6 +38,8 @@ public IEnumerable<COMCLSIDEntry> ClassEntries
}
}

Guid IComGuid.ComGuid => CategoryID;

internal COMCategory(COMRegistry registry, Guid catid, IEnumerable<Guid> clsids)
: this(registry)
{
@@ -24,7 +24,7 @@

namespace OleViewDotNet.Database
{
public class COMInterfaceEntry : IComparable<COMInterfaceEntry>, IXmlSerializable
public class COMInterfaceEntry : IComparable<COMInterfaceEntry>, IXmlSerializable, IComGuid
{
private static ConcurrentDictionary<Guid, string> m_iidtoname = new ConcurrentDictionary<Guid, string>();
private readonly COMRegistry m_registry;
@@ -339,6 +339,8 @@ public COMRegistryEntrySource Source
get; private set;
}

Guid IComGuid.ComGuid => Iid;

public override bool Equals(object obj)
{
if (base.Equals(obj))
@@ -22,7 +22,7 @@

namespace OleViewDotNet.Database
{
public class COMProgIDEntry : IComparable<COMProgIDEntry>, IXmlSerializable
public class COMProgIDEntry : IComparable<COMProgIDEntry>, IXmlSerializable, IComGuid
{
private readonly COMRegistry m_registry;

@@ -79,6 +79,8 @@ public COMCLSIDEntry ClassEntry

public COMRegistryEntrySource Source { get; private set; }

Guid IComGuid.ComGuid => Clsid;

public override string ToString()
{
return Name;
@@ -24,7 +24,7 @@

namespace OleViewDotNet.Database
{
public class COMTypeLibEntry : IComparable<COMTypeLibEntry>, IXmlSerializable
public class COMTypeLibEntry : IComparable<COMTypeLibEntry>, IXmlSerializable, IComGuid
{
private readonly COMRegistry m_registry;

@@ -74,6 +74,8 @@ private List<COMTypeLibVersionEntry> LoadFromKey(RegistryKey key)
public string Name { get; private set; }
public COMRegistryEntrySource Source { get; private set; }

Guid IComGuid.ComGuid => TypelibId;

public override bool Equals(object obj)
{
if (base.Equals(obj))
@@ -160,7 +162,7 @@ public override string ToString()
}
}

public class COMTypeLibVersionEntry : IXmlSerializable
public class COMTypeLibVersionEntry : IXmlSerializable, IComGuid
{
private readonly COMRegistry m_registry;

@@ -211,6 +213,8 @@ public string NativePath
}
}

Guid IComGuid.ComGuid => TypelibId;

internal COMTypeLibVersionEntry(COMRegistry registry, string name, string version, Guid typelibid, int locale, RegistryKey key)
: this(registry, typelibid)
{
@@ -1094,68 +1094,21 @@ private async void treeComRegistry_BeforeExpand(object sender, TreeViewCancelEve

private static bool CanGetGuid(TreeNode node)
{
Guid guid = Guid.Empty;
if (node != null)
{
object tag = node.Tag;
if (tag is COMCLSIDEntry ||
tag is COMInterfaceEntry ||
tag is COMProgIDEntry ||
tag is COMTypeLibVersionEntry ||
tag is COMTypeLibEntry ||
tag is Guid ||
tag is COMAppIDEntry ||
tag is COMIPIDEntry ||
tag is COMCategory)
{
return true;
}
}
return false;
object tag = node?.Tag;
return tag is IComGuid || tag is Guid;
}

private static Guid GetGuidFromType(TreeNode node)
{
if (node != null)
object tag = node?.Tag;
if (tag is IComGuid com_guid)
{
object tag = node.Tag;
if (tag is COMCLSIDEntry)
{
return ((COMCLSIDEntry)tag).Clsid;
}
else if (tag is COMInterfaceEntry)
{
return ((COMInterfaceEntry)tag).Iid;
}
else if (tag is COMProgIDEntry)
{
COMProgIDEntry ent = (COMProgIDEntry)tag;
return ent.Clsid;
}
else if (tag is COMTypeLibVersionEntry)
{
return ((COMTypeLibVersionEntry)tag).TypelibId;
}
else if (tag is COMTypeLibEntry)
{
return ((COMTypeLibEntry)tag).TypelibId;
}
else if (tag is Guid)
{
return (Guid)tag;
}
else if (tag is COMAppIDEntry)
{
return ((COMAppIDEntry)tag).AppId;
}
else if (tag is COMIPIDEntry)
{
return ((COMIPIDEntry)tag).Ipid;
}
else if (tag is COMCategory)
{
return ((COMCategory)tag).CategoryID;
}
return com_guid.ComGuid;
}

if (tag is Guid guid)
{
return guid;
}

return Guid.Empty;
@@ -1164,7 +1117,6 @@ private static Guid GetGuidFromType(TreeNode node)
private void copyGUIDToolStripMenuItem_Click(object sender, EventArgs e)
{
Guid guid = GetGuidFromType(treeComRegistry.SelectedNode);

if (guid != Guid.Empty)
{
COMUtilities.CopyGuidToClipboard(guid, GuidFormat.String);
@@ -0,0 +1,25 @@
// This file is part of OleViewDotNet.
// Copyright (C) James Forshaw 2019
//
// OleViewDotNet is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// OleViewDotNet is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with OleViewDotNet. If not, see <http://www.gnu.org/licenses/>.

using System;

namespace OleViewDotNet
{
public interface IComGuid
{
Guid ComGuid { get; }
}
}
@@ -98,6 +98,7 @@
</Compile>
<Compile Include="ActivationContext.cs" />
<Compile Include="Database\AppxPackageName.cs" />
<Compile Include="IComGuid.cs" />
<Compile Include="Wrappers\BuiltinWrappers.cs" />
<Compile Include="Wrappers\COMProxyInstanceConverter.cs" />
<Compile Include="Forms\BuildMonikerForm.cs">
@@ -467,6 +468,9 @@
<None Include="symbol_cache\01D1C2614764A607E4A5511B269541C7.sym">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Include="symbol_cache\09F4C2218CDCBE274B6F6DB07C6D5D8C.sym">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Include="symbol_cache\16290BF8DC4D45667CDA3011788834A5.sym">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
@@ -521,6 +525,9 @@
<None Include="symbol_cache\90042A515118CB205BBEAD51F8EF5810.sym">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Include="symbol_cache\9B19279533B9C1539FB262B8D0B0DB51.sym">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Include="symbol_cache\9DEFDAB1B9116D6031522670A6898845.sym">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
@@ -0,0 +1,19 @@
# Microsoft Windows NT 10.0.17763.0 C:\Windows\System32\combase.dll 10.0.17763.1 (WinBuild.160101.0800)
2325072 combase!CIPIDTable::_palloc
2322512 combase!g_AppId
2323028 combase!gSecDesc
2326988 combase!gLrpcSecurityDescriptor
2323912 combase!gwszLRPCEndPoint
2322876 combase!gCapabilities
2319944 combase!gAuthnLevel
2319948 combase!gImpLevel
2319980 combase!g_GLBOPT_UnmarshalingPolicy
2323032 combase!gAccessControl
2323492 combase!ghwndOleMainThread
2323432 combase!CClassCache::_MTALSvrsFront
2323436 combase!CClassCache::_NTALSvrsFront
2328652 combase!g_ActivationFilter
2319720 combase!COIDTable::s_OIDBuckets
2316448 combase!CClassCache::_LSvrActivatableClassEBuckets
2322756 combase!g_pMTAEmptyCtx
2322728 combase!CProcessSecret::s_guidOle32Secret
@@ -0,0 +1,19 @@
# Microsoft Windows NT 10.0.17763.0 C:\Windows\System32\combase.dll 10.0.17763.1 (WinBuild.160101.0800)
3000464 combase!CIPIDTable::_palloc
3000192 combase!g_AppId
3001176 combase!gSecDesc
3007048 combase!gLrpcSecurityDescriptor
3003040 combase!gwszLRPCEndPoint
3001268 combase!gCapabilities
2996208 combase!gAuthnLevel
2996212 combase!gImpLevel
2996232 combase!g_GLBOPT_UnmarshalingPolicy
3001168 combase!gAccessControl
3002024 combase!ghwndOleMainThread
3001928 combase!CClassCache::_MTALSvrsFront
3001912 combase!CClassCache::_NTALSvrsFront
3008560 combase!g_ActivationFilter
2995312 combase!COIDTable::s_OIDBuckets
2989968 combase!CClassCache::_LSvrActivatableClassEBuckets
3000872 combase!g_pMTAEmptyCtx
3000832 combase!CProcessSecret::s_guidOle32Secret
@@ -2863,6 +2863,8 @@ function ConvertTo-ComAssembly {
Converts various input formats into a GUID.
.DESCRIPTION
This cmdlet converts various input formats into a GUID structure.
.PARAMETER ComGuid
Get GUIDs from database objects.
.PARAMETER Bytes
Convert from a 16 byte array.
.PARAMETER Ints
@@ -2873,20 +2875,29 @@ None
System.Guid
#>
function Get-ComGuid {
[CmdletBinding(DefaultParameterSetName="FromBytes")]
[CmdletBinding(DefaultParameterSetName="FromComGuid")]
Param(
[parameter(Mandatory, ParameterSetName = "FromBytes", Position = 0)]
[parameter(Mandatory, ParameterSetName = "FromComGuid", Position = 0, ValueFromPipeline)]
[OleViewDotNet.IComGuid[]]$ComGuid,
[parameter(Mandatory, ParameterSetName = "FromBytes")]
[byte[]]$Bytes,
[parameter(Mandatory, ParameterSetName = "FromInts")]
[int[]]$Ints
)

switch($PSCmdlet.ParameterSetName) {
"FromBytes" {
[guid]::new($Bytes)
}
"FromInts" {
[OleViewDotNet.PowerShell.PowerShellUtils]::GuidFromInts($Ints)
PROCESS {
switch($PSCmdlet.ParameterSetName) {
"FromBytes" {
[guid]::new($Bytes) | Write-Output
}
"FromInts" {
[OleViewDotNet.PowerShell.PowerShellUtils]::GuidFromInts($Ints) | Write-Output
}
"FromComGuid" {
foreach($obj in $Object) {
$Object.ComGuid | Write-Output
}
}
}
}
}

0 comments on commit e2f1897

Please sign in to comment.
You can’t perform that action at this time.