
How One discovers the API for a COM-exporting application (2007) - Tomte
https://wiki.tcl-lang.org/page/How+one+discovers+the+API+for+a+COM-exporting+application
======
alasdairking
The best way is to use Visual Basic 6 and add a reference to the DLL or EXE.
Turn on hidden items in the Object Browser and play around!

~~~
vsareto
That's convenient. I wonder if pentesters/security researchers know about
that.

------
DonHopkins
I just ran across a COM interface in the MOST unexpected of places:

Apple's CoreMediaIO CFPlugIn video capture device plugin interface!

https://github.com/phracker/MacOSX-SDKs/blob/master/MacOSX10.7.sdk/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/Headers/CMIOHardwarePlugIn.h

    
    
        /*
             File:       CMIOHardwarePlugIn.h
    
             Contains:   API for the CFPlugIn that implements an CMIO driver for the DAL from user space
    
             Copyright:  © 2004-2010 by Apple Inc., all rights reserved.
        */
    

[...]

    
    
        /*!
            @method         QueryInterface
            @abstract       The IUnknown method for finding an interface on a CFPlugIn type.
            @param          self
                                The CFPlugIn type to query.
            @param          uuid
                                The UUID of the interface to find.
            @param          interface
                                The returned interface or NULL if none was found.
            @result         An error code indicating success of failure.
        */
            HRESULT
            (STDMETHODCALLTYPE *QueryInterface)(    void*   self,
                                                    REFIID  uuid,
                                                    LPVOID* interface);
    

BUSTED!

https://github.com/lvsti/CoreMediaIO-DAL-Example/blob/0392cbf27ed33425a1a5bd9f495b2ccec8f20501/Sources/Extras/CoreMediaIO/DeviceAbstractionLayer/Devices/DP/Base/CMIO_DP_HardwarePlugInInterface.cpp#L98

~~~
pcr910303
Apple's CoreFoundation has used COM since 1.3... and CFPlugIns[0] are the ones
that implement them.

[0] https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFPlugIns/Concepts/com.html

------
wslh
In our company we focused on edge cases where you need to intercept existing
or hidden COM interfaces.

You can take a look at the following software (including source code):

RemoteBridge: https://www.nektra.com/products/remotebridge-automation-engine-for-java-and-com/index.html

Deviare: https://www.nektra.com/products/deviare-api-hook-windows/

------
kazinator
The API of a COM object is described in a Type Library file (.tlb suffix).

This is not necessarily available for every COM object.

COM objects intended for use with C++ work without it, because the COM
interface is based on calling C++ virtual functions, for which you just need a
declaration from a header file.

To discover the API of a COM object without the .idl file or type library, you
have to do binary reverse engineering: disassemble the functions linked into
the object's vtable.
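
An added illustration of the comment above (not code from the thread or from any COM SDK): a minimal COM-style object in C, showing what the header's declarations contribute compared with the bare vtable a caller sees without them. The interface IDs, `Greeter`, `Length` and `raw_slots` are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

typedef struct { uint8_t b[16]; } Iid;      /* 16-byte interface ID */
static const Iid IID_BASE  = {{0x01}};      /* constructed; stands in for IUnknown */
static const Iid IID_GREET = {{0x02}};      /* constructed; hypothetical interface */

/* What a header or type library supplies: a name and signature per slot. */
typedef struct GreetVtbl {
    int      (*QueryInterface)(void *self, const Iid *iid, void **out);
    uint32_t (*AddRef)(void *self);
    uint32_t (*Release)(void *self);
    int      (*Length)(void *self);         /* interface-specific slot 3 */
} GreetVtbl;

/* COM-style object: the first word points at the vtable. */
typedef struct { const GreetVtbl *vtbl; uint32_t refs; const char *text; } Greeter;

static uint32_t add_ref(void *self) { return ++((Greeter *)self)->refs; }
static uint32_t release(void *self) { return --((Greeter *)self)->refs; }
static int length(void *self) { return (int)strlen(((Greeter *)self)->text); }
static int query(void *self, const Iid *iid, void **out) {
    if (!memcmp(iid, &IID_BASE, sizeof *iid) || !memcmp(iid, &IID_GREET, sizeof *iid)) {
        *out = self;
        add_ref(self);
        return 0;                           /* success */
    }
    *out = NULL;                            /* unknown ID: NULL plus an error code */
    return -1;
}
static const GreetVtbl GREET_VTBL = { query, add_ref, release, length };
Greeter make_greeter(const char *text) { Greeter g = { &GREET_VTBL, 1, text }; return g; }

/* Without the declarations, the same object is only a table of code addresses.
 * Slots 0-2 are the fixed IUnknown trio; slot 3's meaning must be recovered from its code. */
typedef void (*RawSlot)(void);
size_t raw_slots(const void *obj, RawSlot *out, size_t n) {
    const void *table;
    memcpy(&table, obj, sizeof table);      /* read the vtable pointer */
    memcpy(out, table, n * sizeof *out);    /* copy n untyped slot addresses */
    return n;
}

int main(void) {
    Greeter g = make_greeter("hello");
    RawSlot s[4];
    raw_slots(&g, s, 4);
    return !(s[3] == (RawSlot)length && g.vtbl->Length(&g) == 5);
}
```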

~~~
pjmlp
Old style COM is defined in tlb files.

Modern COM (UWP) uses .NET metadata and is stored in .winmd files.

C#, VB.NET, JS(Chakra), C++/CX can use them directly, while with C++/WinRT a
source file generator was introduced that generates the necessary boilerplate
to access the objects in a C++17 friendly way.

Microsoft now calls COM libraries without type libraries, like DirectX,
mini-COM.

