pcomspytools.dll

The PCOMSPYTOOLS.DLL is a helper DLL that

The two functionalities are separate - you can use the DLL just for debugging / tracing, or you can use it for spying, or for both.

Configuration

The DLL reads some settings from the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\p-nand-q.com\pcomspytools

The following registry values are read:

TraceFileName : REG_DWORD : "C:\PCOMSPY.LOG"

This is the name of the tracefile.

SpyOnInprocDllName : REG_DWORD : "MSCOMM32.OCX"

This is the name of the COM DLL inproc server to spy on.

API Functions

This section describes the API functions exported by PCOMSPYTOOLS.DLL. They are declared in PCOMSPYTOOLS.H.

DumpAllInterfaces

Prototype

void WINAPI DumpAllInterfaces(IUnknown* p, LPCSTR lpszTagline);

Synopsis

This function dumps all interfaces exported by an IUnknown object to the tracefile. The string lpszTagline is written to the tracefile to make it easier to identify the object.

LookupInterfaceA

Prototype

LPCSTR WINAPI LookupInterfaceA(REFIID riid);

Synopsis

This function returns a textual representation of a known IID, CLSID or LIBID.

LookupHresultA

Prototype

LPCSTR WINAPI LookupHresultA(HRESULT hResult);

Synopsis

This function returns a textual representation of a known HRESULT. This includes the OLE errorcodes, and the MAPI_E_* definitions. If it doesn't find an OLE code, it looks up system error codes.

WriteComTraceA

Prototype

void WINAPI WriteComTraceA( LPCSTR lpszFormat, ... );

Synopsis

You can use this function to write your own text to the com tracefile. The formatting is printf-like

FlushComTracefile

Prototype

void WINAPI FlushComTracefile();

Synopsis

The tracefile is buffered (1K). You can flush back all buffered trace information using this function.

GetMapiTagDescriptionA

Prototype

LPCSTR WINAPI GetMapiTagDescriptionA( DWORD dwTag );

Synopsis

This function looks up a MAPI tag

LookupMapiTagByNameA

Prototype

ULONG WINAPI LookupMapiTagByNameA( LPCSTR lpszTag );

Synopsis

This function returns a MAPI tag associated with a name (e.g. PR_BODY)

IStreamAsBytes

Prototype

class IStreamAsBytes : public IStream   
    {
    public:
        virtual LPBYTE STDMETHODCALLTYPE GetData() = 0;
        virtual DWORD STDMETHODCALLTYPE GetSize() = 0;
    };

Synopsis

This is a helper interface that represents a copy of an IStream object as a BYTE array (See CreateStreamAsBytes() below. (Of course, the whole IStream must fit into memory). Note that you CANNOT use the associated IStream functions, attempting to do so will return E_OUTOFMEMORY. The IStream is only valid while the source stream is copied; which is hidden from your application.

CreateStreamAsBytes

Prototype

BOOL WINAPI CreateStreamAsBytes( IStream* Source, 
                                 IStreamAsBytes** Target );

Synopsis

This function will take any incoming IStream object, create a new IStreamAsBytes for it, read its contents and store them in one large byte array. You must call IStreamAsBytes::Release() to free the associated memory

How to spy on a COM DLL inproc server.

This is a step-by-step explanation on how to spy on a COM DLL inproc server using PCOMSPYTOOLS.DLL. This example assumes you want to spy on MSCOMM32.OCX.

  1. Find out the CLSID the DLL exports. (You can use OLEVIEW for that). For MSCOMM32.OCX, the CLSID is 648A5600-2C6E-101B-82B6-000000000014.
  2. Change the InprocServer32 registry value for that CLSID. In our example, change 
    HKEY_CLASSES_ROOT\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\
    InprocServer32\@ : REG_SZ : "MSCOMM32.OCX"
    to 
    HKEY_CLASSES_ROOT\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\
    InprocServer32\@ : REG_SZ : "PCOMSPYTOOLS.DLL"
  3. Edit the registry parameter 
    HKEY_LOCAL_MACHINE\SOFTWARE\p-nand-q.com\pcomspytools\
    SpyOnInprocDllName : REG_SZ : "MSCOMM32.OCX"
    to the original name of the component to spy on.
  4. That's it. You can now start the application and read the tracefile.

Note: Because the tracefile is the same for all instances of PCOMSPYTOOLS.DLL, you cannot spy on components in multiple DLLs.

License

There is no license. This is freeware, use at own risk. Enjoy!

Download

Download the binary and sourcecode here.