Spying on COM Objects

Question

I've set myself a new task which involves "spying" on COM objects.

Even if you don't do COM, you're probably familiar with API hooking techniques where you can hook onto an imported function and execute your own code before calling the original. API hooking is somewhat complex but it quickly gets messy (too messy for production code IMO) if you try to hook onto COM Object Methods.

So, at the moment, to do "my job", I set an API hook for CoCreateInstance and I dispatch hand-written proxies for the interfaces that I am interested in. Now that's not a lot of interfaces but it's not the neatest of solutions either.

Is there a way to do this in a neater way, preferably without using API hooking?

On another note, this article seems to be great work http://www.ddj.com/windows/184416546?pgno=5 but the binary doesn't work anymore (I guess it was written around Win98 time). Does anyone know the internals of it and can point me in the right direction to making it work again?

Thanks

Recommended answer

I'd definitely recommend using Keith Brown's 'Universal Delegator' to do the low-level interception. The ComTrace tool mentioned by Kim Grasman uses it. It lets you wrap an arbitrary COM object in a 'shell' that can do interception, logging, etc. The original articles (with code) describing the universal delegator are here and here.

If you want to spy on COM objects in arbitrary processes (that you don't have the source for) then you'll also need to do code injection, using CreateRemoteThread() or something similar. There's an article here that might get you started if you've not done it before.
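
The 'shell' idea from the answer, reduced to a hand-written logging proxy for a single interface. This is an added example, not code from the original post or from the Universal Delegator. `IUnknownLike`, `Iid`, `ICalc`, `Calc`, `CalcSpy` and `traceDemo` are hypothetical, portable stand-ins for `IUnknown`, `REFIID` and a real COM interface.

```cpp
#include <cstdio>
#include <string>
#include <vector>
// Portable stand-ins (assumption): real code uses <unknwn.h>, REFIID and HRESULT.
enum Iid { IID_Unknown, IID_Calc };
struct IUnknownLike {
    virtual long QueryInterface(Iid iid, void** out) = 0;
    virtual unsigned long AddRef() = 0;
    virtual unsigned long Release() = 0;
    virtual ~IUnknownLike() = default;
};
struct ICalc : IUnknownLike { virtual int Add(int a, int b) = 0; };
// Hypothetical target object, standing in for whatever the class factory returned.
struct Calc : ICalc {
    unsigned long refs = 1;
    long QueryInterface(Iid, void** out) override { *out = static_cast<ICalc*>(this); AddRef(); return 0; }
    unsigned long AddRef() override { return ++refs; }
    unsigned long Release() override { unsigned long r = --refs; if (!r) delete this; return r; }
    int Add(int a, int b) override { return a + b; }
};
// Hand-written proxy: same vtable shape as ICalc, logs each call, then delegates.
struct CalcSpy : ICalc {
    ICalc* inner; std::vector<std::string>& log; unsigned long refs = 1;
    CalcSpy(ICalc* p, std::vector<std::string>& l) : inner(p), log(l) { inner->AddRef(); }
    long QueryInterface(Iid, void** out) override {
        log.push_back("QueryInterface");
        // Hand back the wrapper, never inner: a raw inner pointer would bypass the tracing.
        *out = static_cast<ICalc*>(this); AddRef(); return 0;
    }
    unsigned long AddRef() override { return ++refs; }
    unsigned long Release() override { unsigned long r = --refs; if (!r) { inner->Release(); delete this; } return r; }
    int Add(int a, int b) override {
        int r = inner->Add(a, b);
        log.push_back("Add(" + std::to_string(a) + "," + std::to_string(b) + ")=" + std::to_string(r));
        return r;
    }
};
// Wrap a constructed object, call it through a QueryInterface'd pointer, return the trace.
std::vector<std::string> traceDemo() {
    std::vector<std::string> log;
    ICalc* real = new Calc;
    ICalc* spy = new CalcSpy(real, log);   // the proxy now holds its own reference
    real->Release();
    void* p = nullptr;
    spy->QueryInterface(IID_Calc, &p);
    ICalc* viaQi = static_cast<ICalc*>(p);
    viaQi->Add(2, 3);                      // still traced: the pointer is the proxy
    viaQi->Release();
    spy->Release();                        // last reference: releases inner, frees proxy
    return log;
}
int main() { for (const auto& s : traceDemo()) std::puts(s.c_str()); }
```

Every interface needs its own class like `CalcSpy`, which is the per-interface cost the question describes and a generic delegator avoids.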
