All geek questions in one place

How to check if a PE file (DLL, EXE) is a COM component?

I need to write a stub module that, when I enter PE (DLL / EXE) as an input, will determine if it is a regular Win32 DLL / EXE or COM DLL / EXE. I need to determine this programmatically.

Are there any Windows APIs for this?

+4
source share
2 answers

I suspect that it will be very difficult to do with an accuracy of 100%. Some thoughts though:

  • The DLL's COM library will export features such as DllRegisterServer and DllUnregisterServer. You can use LoadLibrary () to load the Dll and then GetProcAddress () to check for these functions. If they are there, then it is very likely that his COM-dll.

  • Normal win32 Dll will export DllMain. You can use the same method to verify this. If you find it, then it is very likely that it is win32.

  • I do not know how to find out if exe is a COM server. Servers written using ATL often have script registration built into their resource table, but they do not need this. And you do not need to use ATL to write a COM server. Services using "registry-less" will also have a built-in manifest. You can scan the registry (below HKLM / Classes / Software /) to find out if exe is registered, but it may be that exe uses the registry without lumps or simply has not been registered yet.

Hope this helps.

0
source

For a traditional COM DLL, you can search for well-known exported methods (msdn search for these methods)

  • DllGetClassObject
  • DllRegisterServer
  • DllUnregisterServer
  • DllCanUnloadNow

I am not sure about COM COM servers because they usually use command line options to register / unregister, and for a class object it usually calls CoRegisterClassObject when the EXE starts.

Most COM servers are traditionally also registered in the registry, but now you can create free registration servers.

Are you also looking for a .NET assembly with some visible COM classes?

0
source

Source: https://habr.com/ru/post/1307523/

More articles:


All Articles