pcomspytools.dll
The PCOMSPYTOOLS.DLL is a helper DLL that
- Provides trace and debug functions for COM interfaces. For example, you can dump a list of all interfaces exported by any given IUnknown* to the tracefile.
- Provides spy functions for COM DLL inplace servers implementing IClassFactory. For example, you can use it to see which interfaces MSCOMM32.OCX uses.
The two functionalities are separate - you can use the DLL just for debugging / tracing, or you can use it for spying, or for both.
Configuration
The DLL reads some settings from the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\p-nand-q.com\pcomspytools
The following registry values are read:
TraceFileName : REG_DWORD : "C:\PCOMSPY.LOG"
This is the name of the tracefile.
SpyOnInprocDllName : REG_DWORD : "MSCOMM32.OCX"
This is the name of the COM DLL inproc server to spy on.
API Functions
This section describes the API functions exported by PCOMSPYTOOLS.DLL. They are declared in PCOMSPYTOOLS.H.
DumpAllInterfaces
Prototype
void WINAPI DumpAllInterfaces(IUnknown* p, LPCSTR lpszTagline);
Synopsis
This function dumps all interfaces exported by an IUnknown object to the tracefile. The string lpszTagline is written to the tracefile to make it easier to identify the object.
LookupInterfaceA
Prototype
LPCSTR WINAPI LookupInterfaceA(REFIID riid);
Synopsis
This function returns a textual representation of a known IID, CLSID or LIBID.
LookupHresultA
Prototype
LPCSTR WINAPI LookupHresultA(HRESULT hResult);
Synopsis
This function returns a textual representation of a known HRESULT. This includes the OLE errorcodes, and the MAPI_E_* definitions. If it doesn't find an OLE code, it looks up system error codes.
WriteComTraceA
Prototype
void WINAPI WriteComTraceA( LPCSTR lpszFormat, ... );
Synopsis
You can use this function to write your own text to the com tracefile. The formatting is printf-like
FlushComTracefile
Prototype
void WINAPI FlushComTracefile();
Synopsis
The tracefile is buffered (1K). You can flush back all buffered trace information using this function.
GetMapiTagDescriptionA
Prototype
LPCSTR WINAPI GetMapiTagDescriptionA( DWORD dwTag );
Synopsis
This function looks up a MAPI tag
LookupMapiTagByNameA
Prototype
ULONG WINAPI LookupMapiTagByNameA( LPCSTR lpszTag );
Synopsis
This function returns a MAPI tag associated with a name (e.g. PR_BODY)
IStreamAsBytes
Prototype
class IStreamAsBytes : public IStream { public: virtual LPBYTE STDMETHODCALLTYPE GetData() = 0; virtual DWORD STDMETHODCALLTYPE GetSize() = 0; };
Synopsis
This is a helper interface that represents a copy of an IStream object as a BYTE array (See CreateStreamAsBytes() below. (Of course, the whole IStream must fit into memory). Note that you CANNOT use the associated IStream functions, attempting to do so will return E_OUTOFMEMORY. The IStream is only valid while the source stream is copied; which is hidden from your application.
CreateStreamAsBytes
Prototype
BOOL WINAPI CreateStreamAsBytes( IStream* Source, IStreamAsBytes** Target );
Synopsis
This function will take any incoming IStream object, create a new IStreamAsBytes for it, read its contents and store them in one large byte array. You must call IStreamAsBytes::Release() to free the associated memory
How to spy on a COM DLL inproc server.
This is a step-by-step explanation on how to spy on a COM DLL inproc server using PCOMSPYTOOLS.DLL. This example assumes you want to spy on MSCOMM32.OCX.
- Find out the CLSID the DLL exports. (You can use OLEVIEW for that). For MSCOMM32.OCX, the CLSID is 648A5600-2C6E-101B-82B6-000000000014.
- Change the InprocServer32 registry value for that CLSID. In our example, change
HKEY_CLASSES_ROOT\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\ InprocServer32\@ : REG_SZ : "MSCOMM32.OCX"
toHKEY_CLASSES_ROOT\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\ InprocServer32\@ : REG_SZ : "PCOMSPYTOOLS.DLL"
- Edit the registry parameter
HKEY_LOCAL_MACHINE\SOFTWARE\p-nand-q.com\pcomspytools\ SpyOnInprocDllName : REG_SZ : "MSCOMM32.OCX"
to the original name of the component to spy on. - That's it. You can now start the application and read the tracefile.
Note: Because the tracefile is the same for all instances of PCOMSPYTOOLS.DLL, you cannot spy on components in multiple DLLs.
License
There is no license. This is freeware, use at own risk. Enjoy!
Download
Download the binary and sourcecode here.