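def supportsIObjectSafety(self):
    """Report whether the COM class ``self.clsid`` exposes IObjectSafety.

    An ``iquery.iQuery`` object is created for ``self.clsid`` and asked
    whether it supports ``CLSID_IObjectSafety``.

    Returns:
        True when the interface is reported as supported, False otherwise.
        The original fell off the end (returning None) when the interface
        was not supported; the result is now always a bool.
    """
    try:
        iuk = iquery.iQuery(self.clsid)
        return bool(iuk.isInterfaceSupported(CLSID_IObjectSafety))
    except RuntimeError:
        # NOTE(review): a failure to create or query the object is reported
        # the same way as "IObjectSafety not implemented". In an audit
        # report that hides the difference between a class that has no
        # scripting-safety interface and one that could not be examined;
        # consider logging the CLSID here so such classes can be re-checked.
        return False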
def __str__(self):
    """Build the text report for this COM class.

    The lines shown here cover the registry details (CLSID, ProgIDs,
    version, server paths with their ASLR markers), the killbit flag and
    the per-interface "Safe For Scripting" results. The excerpt stops
    before the method returns ``out``.
    """
    #basic info from the registry
    out = "+" + ("-"*78) + "+\n"
    out += "CLSID: %s\n" % self.clsid
    if self.defaultInfo:
        out += "Default Info: %s\n" % self.defaultInfo
    if self.progID:
        out += "ProgID: %s\n" % self.progID
    if self.indProgID:
        out += "IndependentProgID: %s\n" % self.indProgID
    if self.version:
        out += "Version: %s\n" % self.version
    if self.InProcServer:
        # "[!ASLR]" marks a server for which InProcSupportsASLR is false.
        if self.InProcSupportsASLR:
            aslr = "[ASLR]"
        else:
            aslr = "[!ASLR]"
        out += "InProcServer %s, Threading Model %s %s\n" % \
            (self.InProcServer, self.inprocThreadingModel, aslr)
    if self.LocalServer:
        # Same marker for the out-of-process server entry.
        if self.LocalSupportsASLR:
            aslr = "[ASLR]"
        else:
            aslr = "[!ASLR]"
        out += "LocalServer %s, Local Threading Model %s %s\n" % \
            (self.LocalServer, self.localThreadingModel, aslr)
    #killbit + object safety
    if self.killbit:
        out += "[!]Killbit set\n"
    if self.iobjSafety:
        out += "Implements IObjectSafety:\n"
        #this should never fail, since we've already tested it
        # NOTE(review): if it does fail, the whole process exits from inside
        # __str__, so a single bad class aborts the report for every class.
        try:
            iuk = iquery.iQuery(self.clsid)
        except RuntimeError, exc:
            print "ERROR: Can't create IObjectSafety for %s" % self.clsid
            sys.exit(1)
        out += "[i]Scripting support...\n"
        # Each SCRIPT_INTERFACES entry is used as (label, interface id):
        # i[0] goes into the report, i[1] is passed to the queries.
        for i in SCRIPT_INTERFACES:
            if self.supportsInterface(i[1]):
                try:
                    if iuk.isSafeScript(i[1]):
                        out += "\t[+]%s is Safe For Scripting\n" % i[0]
                    else:
                        out += "\t[!]%s is NOT Safe For Scripting\n" % i[0]
                except RuntimeError, exc:
                    # NOTE(review): a query error is reported with the same
                    # text as a definite "not safe" answer, so the report
                    # cannot distinguish "could not be determined" from
                    # "not marked safe". A class whose query failed should
                    # be re-checked by hand rather than trusted as unsafe.
                    out += "\t[!]%s is NOT Safe For Scripting\n" % i[0]
def __str__(self):
    """Build the text report for this COM class.

    The lines shown here cover the registry details (CLSID, ProgIDs,
    version, server paths with their ASLR markers), the killbit flag and
    the per-interface "Safe For Scripting" results. The excerpt stops
    before the method returns ``out``.
    """
    #basic info from the registry
    out = "+" + ("-" * 78) + "+\n"
    out += "CLSID: %s\n" % self.clsid
    if self.defaultInfo:
        out += "Default Info: %s\n" % self.defaultInfo
    if self.progID:
        out += "ProgID: %s\n" % self.progID
    if self.indProgID:
        out += "IndependentProgID: %s\n" % self.indProgID
    if self.version:
        out += "Version: %s\n" % self.version
    if self.InProcServer:
        # "[!ASLR]" marks a server for which InProcSupportsASLR is false.
        if self.InProcSupportsASLR:
            aslr = "[ASLR]"
        else:
            aslr = "[!ASLR]"
        out += "InProcServer %s, Threading Model %s %s\n" % \
            (self.InProcServer, self.inprocThreadingModel, aslr)
    if self.LocalServer:
        # Same marker for the out-of-process server entry.
        if self.LocalSupportsASLR:
            aslr = "[ASLR]"
        else:
            aslr = "[!ASLR]"
        out += "LocalServer %s, Local Threading Model %s %s\n" % \
            (self.LocalServer, self.localThreadingModel, aslr)
    #killbit + object safety
    if self.killbit:
        out += "[!]Killbit set\n"
    if self.iobjSafety:
        out += "Implements IObjectSafety:\n"
        #this should never fail, since we've already tested it
        # NOTE(review): if it does fail, the whole process exits from inside
        # __str__, so a single bad class aborts the report for every class.
        try:
            iuk = iquery.iQuery(self.clsid)
        except RuntimeError, exc:
            print "ERROR: Can't create IObjectSafety for %s" % self.clsid
            sys.exit(1)
        out += "[i]Scripting support...\n"
        # Each SCRIPT_INTERFACES entry is used as (label, interface id):
        # i[0] goes into the report, i[1] is passed to the queries.
        for i in SCRIPT_INTERFACES:
            if self.supportsInterface(i[1]):
                try:
                    if iuk.isSafeScript(i[1]):
                        out += "\t[+]%s is Safe For Scripting\n" % i[0]
                    else:
                        out += "\t[!]%s is NOT Safe For Scripting\n" % i[0]
                except RuntimeError, exc:
                    # NOTE(review): a query error is reported with the same
                    # text as a definite "not safe" answer, so the report
                    # cannot distinguish "could not be determined" from
                    # "not marked safe". A class whose query failed should
                    # be re-checked by hand rather than trusted as unsafe.
                    out += "\t[!]%s is NOT Safe For Scripting\n" % i[0]
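def queryFile(comFile, tMan, iMan, coClassCLSID=None, coClassName=None):
    """Instantiate the COM classes in ``comFile`` and name their vtables in IDA.

    For every coclass found in the file's type library (or for the single
    class given by ``coClassCLSID``), the class is created through
    ``iquery.iQuery().coCreateUnknown`` and each interface known to ``iMan``
    is probed. For a supported interface the vtable address and every
    vtable slot are named in the IDA database as
    ``<class>::<interface>`` and ``<class>::<interface>::<method>``.

    Args:
        comFile: path of the COM server file; must be readable and executable.
        tMan: receives the loaded type library through ``addLib``.
        iMan: supplies the candidate interfaces (``getInterfaceList``) and
            resolves their base interfaces (``resolveBase``).
        coClassCLSID: optional CLSID to instantiate instead of the classes
            listed in the type library; required when the file has none.
        coClassName: name used for the class created from ``coClassCLSID``.

    Returns:
        False when the file cannot be accessed, or when it has no type
        library and no CLSID was supplied. No other return statement is
        visible in this excerpt, although ``success`` is tracked.

    NOTE(review): coCreateUnknown is given the file path, and the hint
    printed on failure mentions LoadLibrary(), so the analysed module is
    presumably loaded and instantiated inside the current (IDA) process.
    Code in that module would then run with the analyst's privileges; use
    an isolated analysis machine for files that are not trusted.
    """
    success = False
    imgBase = idaapi.get_imagebase()

    class tmpCoClass(object):
        """Minimal stand-in for a type-library coclass entry."""

        def __init__(self, name, iid):
            self.iid = iid
            # NOTE(review): `name` is ignored and the enclosing coClassName
            # is used instead; when coClassName is None the "::" name
            # concatenation further down raises TypeError. Confirm intent.
            self.name = self.entryName = coClassName

    if not os.access(comFile, os.R_OK | os.X_OK):
        print("Bad file permissions on %s, can't RX" % (comFile))
        return False

    try:
        tlb = pyTypeLibs.typeLib(comFile)
        tMan.addLib(tlb)
        classes = tlb.getClasses()
    except OSError:
        if not coClassCLSID:
            print("%s has no typelib, but we need a CLSID to create an instance" % comFile)
            print("Try passing the -C argument with a clsid to instantiate")
            return False
        # With a CLSID available, `classes` is set by the block just below.
        # The original also built the stand-in class here, which only
        # repeated the "Using CLSID" message.

    # An explicit CLSID always overrides the type library's class list.
    if coClassCLSID:
        tmpClass = tmpCoClass("obj", coClassCLSID)
        print("Using CLSID %s to instantiate" % (coClassCLSID))
        classes = [tmpClass]

    for coclass in classes:
        # Try to instantiate each coclass we find.
        try:
            iuk = iquery.iQuery()
            if iuk.coCreateUnknown(comFile, coclass.iid):
                success = True
                print("Class %s (%s)" % (coclass.entryName, coclass.iid))
                del iuk
            else:
                # Fixed: the original read `coClass.iid`, an undefined name,
                # so this branch raised NameError (not caught by the
                # RuntimeError handler) instead of moving to the next class.
                print("Failed to CoCreate class %s %s" % (coclass.entryName, coclass.iid))
                continue

            for iFace in iMan.getInterfaceList():
                # A fresh object is created per interface; a RuntimeError
                # raised here is handled by the outer try.
                iuk = iquery.iQuery()
                if not iuk.coCreateUnknown(comFile, coclass.iid):
                    break

                try:
                    if iuk.isInterfaceSupported(iFace.iid):
                        iMan.resolveBase(iFace)
                        print(" Interface %s %s" % (iFace.entryName, iFace.iid))
                        print(" Inheritance hierarchy: %s" % (iFace.hierStr()))
                        # getIFaceVTOffset is added to the image base, so it
                        # is treated as an offset relative to the module.
                        vtOffset = imgBase + iuk.getIFaceVTOffset(iFace.iid)
                        iName = coclass.entryName + "::" + iFace.entryName
                        if not idaapi.set_name(int(vtOffset), str(iName)):
                            print("ERROR:Failed to set interface name, (%#x, %s)" % (vtOffset, iName))
                        print(" %s - VT addr %#x" % (iFace.entryName, vtOffset))
                        offset = 0
                        for func in iFace.getVtable():
                            fName = iName + "::" + func.name
                            # Slots are read with idc.Dword and stepped by 4,
                            # i.e. 4-byte vtable entries are assumed.
                            fAddr = idc.Dword(vtOffset + offset)
                            if not idaapi.set_name(int(fAddr), str(fName)):
                                print("ERROR:Failed to set function name, (%#x, %s)" % (fAddr, fName))
                                break
                            offset += 4
                except RuntimeError:
                    # Best effort: an interface whose query raises is
                    # treated as unsupported and skipped silently.
                    pass
                del iuk
        except RuntimeError as exc:
            if not isinstance(coclass, pyTypeLibs.tCoClass) or coclass.canCreate():
                print("INFO:Failed to CoCreate class %s %s, %s" % (
                    coclass.entryName, coclass.iid, str(exc)))
                print(
                    "If LoadLibrary() failed, it may be because the DLL tried load a resource\n"
                    "DLL that is based on the current module name. msxml3.dll tries to do this\n"
                    "when it tries to load msxml3r.dll\n")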
def queryInterface(self, iFace):
    # Only the opening of this method is visible in this excerpt: it creates
    # the query object for self.clsid. iFace is not used in the lines shown.
    try:
        iuk = iquery.iQuery(self.clsid)
    except RuntimeError, exc:
        # Creation failure is fatal: the message is printed and the whole
        # process exits with status 1.
        print "ERROR: Can't create %s" % (self.clsid)
        sys.exit(1)
out += ("*"*80) + "\n" if self.tlb: out += "Typelib information:\n" out += "Typelib CLSID: %s\n" % (self.tlb.guid) if self.tlbEntry: out += "TypeLib: Version %d.%d Locale %s File %s\n" % \ (self.tlb.major, self.tlb.minor, self.tlb.lcid, self.tlb.tlbFile) out += ("*"*80) + "\n" #supported interfaces if self.interfaces: #resolve base addr of vtable try: iuk = iquery.iQuery(self.clsid) except RuntimeError, exc: print "ERROR: Can't create interface for %s" % self.clsid sys.exit(1) out += "[ %d Interfaces implemented ]\n" % (len(self.interfaces)) for iFace in self.interfaces: vtOffset = iuk.getIFaceVTOffset(iFace.iid) out += "+"*79 + "\n" out += " %s (%s) - VT Offset %#x\n" % (iFace.entryName, iFace.iid, vtOffset) offset = 0 for func in iFace.getVtable(): out += " (%#x) %s\n" % (vtOffset + offset, str(func)) offset += 4 out += "+" + ("-"*78) + "+\n"
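def queryFile(comFile, tMan, iMan, coClassCLSID=None, coClassName=None):
    """Instantiate the COM classes in ``comFile`` and name their vtables in IDA.

    For every coclass found in the file's type library (or for the single
    class given by ``coClassCLSID``), the class is created through
    ``iquery.iQuery().coCreateUnknown`` and each interface known to ``iMan``
    is probed. For a supported interface the vtable address and every
    vtable slot are named in the IDA database as
    ``<class>::<interface>`` and ``<class>::<interface>::<method>``.

    Args:
        comFile: path of the COM server file; must be readable and executable.
        tMan: receives the loaded type library through ``addLib``.
        iMan: supplies the candidate interfaces (``getInterfaceList``) and
            resolves their base interfaces (``resolveBase``).
        coClassCLSID: optional CLSID to instantiate instead of the classes
            listed in the type library; required when the file has none.
        coClassName: name used for the class created from ``coClassCLSID``.

    Returns:
        False when the file cannot be accessed, or when it has no type
        library and no CLSID was supplied. No other return statement is
        visible in this excerpt, although ``success`` is tracked.

    NOTE(review): coCreateUnknown is given the file path, and the hint
    printed on failure mentions LoadLibrary(), so the analysed module is
    presumably loaded and instantiated inside the current (IDA) process.
    Code in that module would then run with the analyst's privileges; use
    an isolated analysis machine for files that are not trusted.
    """
    success = False
    imgBase = idaapi.get_imagebase()

    class tmpCoClass(object):
        """Minimal stand-in for a type-library coclass entry."""

        def __init__(self, name, iid):
            self.iid = iid
            # NOTE(review): `name` is ignored and the enclosing coClassName
            # is used instead; when coClassName is None the "::" name
            # concatenation further down raises TypeError. Confirm intent.
            self.name = self.entryName = coClassName

    if not os.access(comFile, os.R_OK | os.X_OK):
        print("Bad file permissions on %s, can't RX" % (comFile))
        return False

    try:
        tlb = pyTypeLibs.typeLib(comFile)
        tMan.addLib(tlb)
        classes = tlb.getClasses()
    except OSError:
        if not coClassCLSID:
            print("%s has no typelib, but we need a CLSID to create an instance" % comFile)
            print("Try passing the -C argument with a clsid to instantiate")
            return False
        # With a CLSID available, `classes` is set by the block just below.
        # The original also built the stand-in class here, which only
        # repeated the "Using CLSID" message.

    # An explicit CLSID always overrides the type library's class list.
    if coClassCLSID:
        tmpClass = tmpCoClass("obj", coClassCLSID)
        print("Using CLSID %s to instantiate" % (coClassCLSID))
        classes = [tmpClass]

    for coclass in classes:
        # Try to instantiate each coclass we find.
        try:
            iuk = iquery.iQuery()
            if iuk.coCreateUnknown(comFile, coclass.iid):
                success = True
                print("Class %s (%s)" % (coclass.entryName, coclass.iid))
                del iuk
            else:
                # Fixed: the original read `coClass.iid`, an undefined name,
                # so this branch raised NameError (not caught by the
                # RuntimeError handler) instead of moving to the next class.
                print("Failed to CoCreate class %s %s" % (coclass.entryName, coclass.iid))
                continue

            for iFace in iMan.getInterfaceList():
                # A fresh object is created per interface; a RuntimeError
                # raised here is handled by the outer try.
                iuk = iquery.iQuery()
                if not iuk.coCreateUnknown(comFile, coclass.iid):
                    break

                try:
                    if iuk.isInterfaceSupported(iFace.iid):
                        iMan.resolveBase(iFace)
                        print(" Interface %s %s" % (iFace.entryName, iFace.iid))
                        print(" Inheritance hierarchy: %s" % (iFace.hierStr()))
                        # getIFaceVTOffset is added to the image base, so it
                        # is treated as an offset relative to the module.
                        vtOffset = imgBase + iuk.getIFaceVTOffset(iFace.iid)
                        iName = coclass.entryName + "::" + iFace.entryName
                        if not idaapi.set_name(int(vtOffset), str(iName)):
                            print("ERROR:Failed to set interface name, (%#x, %s)" % (vtOffset, iName))
                        print(" %s - VT addr %#x" % (iFace.entryName, vtOffset))
                        offset = 0
                        for func in iFace.getVtable():
                            fName = iName + "::" + func.name
                            # Slots are read with idc.Dword and stepped by 4,
                            # i.e. 4-byte vtable entries are assumed.
                            fAddr = idc.Dword(vtOffset + offset)
                            if not idaapi.set_name(int(fAddr), str(fName)):
                                print("ERROR:Failed to set function name, (%#x, %s)" % (fAddr, fName))
                                break
                            offset += 4
                except RuntimeError:
                    # Best effort: an interface whose query raises is
                    # treated as unsupported and skipped silently.
                    pass
                del iuk
        except RuntimeError as exc:
            if not isinstance(coclass, pyTypeLibs.tCoClass) or coclass.canCreate():
                print("INFO:Failed to CoCreate class %s %s, %s" % (
                    coclass.entryName, coclass.iid, str(exc)))
                print(
                    "If LoadLibrary() failed, it may be because the DLL tried load a resource\n"
                    "DLL that is based on the current module name. msxml3.dll tries to do this\n"
                    "when it tries to load msxml3r.dll\n")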
out += ("*" * 80) + "\n" if self.tlb: out += "Typelib information:\n" out += "Typelib CLSID: %s\n" % (self.tlb.guid) if self.tlbEntry: out += "TypeLib: Version %d.%d Locale %s File %s\n" % \ (self.tlb.major, self.tlb.minor, self.tlb.lcid, self.tlb.tlbFile) out += ("*" * 80) + "\n" #supported interfaces if self.interfaces: #resolve base addr of vtable try: iuk = iquery.iQuery(self.clsid) except RuntimeError, exc: print "ERROR: Can't create interface for %s" % self.clsid sys.exit(1) out += "[ %d Interfaces implemented ]\n" % (len(self.interfaces)) for iFace in self.interfaces: vtOffset = iuk.getIFaceVTOffset(iFace.iid) out += "+" * 79 + "\n" out += " %s (%s) - VT Offset %#x\n" % (iFace.entryName, iFace.iid, vtOffset) offset = 0 for func in iFace.getVtable(): out += " (%#x) %s\n" % (vtOffset + offset, str(func)) offset += 4
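#!/cygdrive/c/Python27/python.exe
"""Report whether the COM class given by a CLSID supports a given interface.

Takes two command-line arguments, the CLSID and the interface IID, and
prints one line stating whether the class supports the interface.
"""
import sys
# NOTE(review): pythoncom is not referenced below; presumably it is imported
# for a side effect such as COM initialisation. Confirm before removing.
import pythoncom
import iquery

# Both the CLSID and the IID are required. The original tested for fewer
# than 2 arguments, so running with only a CLSID raised IndexError on
# sys.argv[2] instead of printing the usage line.
if len(sys.argv) < 3:
    print("Usage %s < clsid > < iid >" % sys.argv[0])
    sys.exit(1)

clsid = sys.argv[1]
iid = sys.argv[2]

# Creating the query object for the class is the step that can fail for an
# unknown or non-creatable CLSID.
try:
    iuk = iquery.iQuery(clsid)
except RuntimeError:
    print("Failed to create %s" % (clsid))
    sys.exit(1)

try:
    if iuk.isInterfaceSupported(iid):
        print("%s supports %s" % (clsid, iid))
    else:
        print("%s DOES NOT support %s" % (clsid, iid))
except RuntimeError as exc:
    # A query error is reported as "not supported", with the error text
    # appended so it can be told apart from a plain negative answer.
    print("%s DOES NOT support %s (%s)" % (clsid, iid, str(exc)))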