Category Archives: COM

COM details for Code Auditors (Auditing an COM code for vulnerabilities)

  In this post i will discuss about code auditing of a COM. Other than the usual native codebase vulnerabilities, we will look into COM specific rules that needs to be followed by the developer. Most of the time these … Continue reading

Posted in Code review experiance, COM | Tagged , , , , | Leave a comment

COM Internals (Inside COM Book)

Finally i got some time to understand the core of COM. I started with the “Inside COM”by Dale Rogerson (http://www.amazon.com/Inside-Microsoft-Programming-Dale-Rogerson/dp/1572313498). It is one of the best book to understand COM. COM Spec is around 256 pages. We use COM to … Continue reading

Posted in COM | Tagged , , , , | Leave a comment

Script to automatically extract the IDL from the installation folder.

  Auditing an application is mixture of source code analysis and binary analysis. When you auditing a new application , it is good to know the COM interfaces in the application. I extract the MSI/zip files into a folder and … Continue reading

Posted in COM, ole, python, Tools | Tagged , , , , , , | Leave a comment