COM.md 1.0 KB
title: COM.md
-> Interface Model, makes it possible for Applications to call code from other Apps. -> Without knowing underlining structures etc
Client/Server Framework (Malware uses client Models and sometimes COM Servers)
If a Application uses COM Objects it needs to init. those by calling OleInitialize() or CoInitialzeEx()
- GUIDs - globally Unique identifiers
- CLSIDs - Class identifiers
- IIDs - Interface identifiers
CoCreateInstance() is used to get access to the COM functionality.
Classes and theire codes a stored in the Registry under "HKLM\SOFTWARE\Classes\CLSID\"
a function for a COM Objects is called by using the structure given from CoCreateInstance() + the offset of the method you want to call.
HRESULT CoCreateInstance(
_In_ REFCLSID rclsid,
_In_ LPUNKNOWN pUnkOuter,
_In_ DWORD dwClsContext,
_In_ REFIID riid,
_Out_ LPVOID *ppv
);