[求助]关于GUID
发表于: 2010-1-26 10:47 5251

一直搞不明白,在asm中如何调用com,最近看了一些com in asm,模糊有个大概的概念了,也想自己参照写一个,但是那个GUID从何而来,如何手动算出,一直不得其解,google和baidu也无法找到相关内容,特来请教各位大大,希望大大们能为俺解惑,谢谢各位大大。
附google到的一份ASM中调用WMI的例子:
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE

INCLUDE windows.inc
INCLUDE kernel32.inc
INCLUDE ole32.inc
INCLUDE msvcrt.inc
;INCLUDE gel32.inc

INCLUDELIB kernel32.lib
INCLUDELIB ole32.lib
INCLUDELIB msvcrt.lib
;INCLUDELIB gel32.lib

INCLUDE ucmacros.asm

; COM security constants passed to CoInitializeSecurity in main.
; The listing redefines them locally and names the SDK header each value
; comes from.

; located in ObjIdl.h

EOAC_NONE   EQU 0                       ; dwCapabilities: no extra capability flags

; located in RpcDce.h

RPC_C_AUTHN_LEVEL_DEFAULT   EQU 0       ; authentication level: let COM pick the default
RPC_C_IMP_LEVEL_DEFAULT     EQU 0       ; not referenced by the code shown in this listing

RPC_C_IMP_LEVEL_IMPERSONATE EQU 3       ; impersonation level main asks for: the server
                                        ; may act with the caller's identity

; GUID2 - 16-byte GUID laid out as one DWORD, two WORDs and eight BYTEs.
; The fields are the usual text form {dd1-dw1-dw2-db1db2-db3db4db5db6db7db8}
; written out piece by piece: a GUID initialiser is copied from the SDK
; header (or a registry key name) group by group, it is not computed.
GUID2 STRUC
     dd1 DWORD ?                        ; first text group (8 hex digits)
     dw1 WORD ?                         ; second group (4 hex digits)
     dw2 WORD ?                         ; third group (4 hex digits)
     db1 BYTE ?                         ; fourth group, first byte
     db2 BYTE ?                         ; fourth group, second byte
     db3 BYTE ?                         ; db3..db8: the last group, one byte per
     db4 BYTE ?                         ; two hex digits, in reading order
     db5 BYTE ?
     db6 BYTE ?
     db7 BYTE ?
     db8 BYTE ?
GUID2 ENDS

; IWbemLocator - one DWORD. The variable of this type in .DATA receives the
; interface pointer from CoCreateInstance; the DWORD that pointer refers to
; is the address of the method table below.
IWbemLocator STRUCT
    lpVtbl DWORD   ?
IWbemLocator ENDS

; IWbemLocatorVtbl - method table of IWbemLocator, one 4-byte slot per
; method. Slot order is the binary contract with the COM server: a field
; added, removed or moved shifts every later offset and the indirect call
; then lands on the wrong method.
IWbemLocatorVtbl STRUCT
    QueryInterface DWORD   ?            ; slots 0-2: IUnknown
    AddRef         DWORD   ?
    Release        DWORD   ?
    ConnectServer  DWORD   ?            ; slot 3: the only IWbemLocator method, called by main
IWbemLocatorVtbl ENDS

; IWbemServices - one DWORD; the variable of this type in .DATA receives the
; interface pointer written by ConnectServer.
IWbemServices STRUCT
    lpVtbl DWORD   ?
IWbemServices ENDS

; IWbemServicesVtbl - method table of IWbemServices, one 4-byte slot per
; method in declaration order. main only calls ExecQuery; the other fields
; exist to keep ExecQuery at the right offset.
IWbemServicesVtbl STRUCT
    QueryInterface             DWORD   ?    ; slots 0-2: IUnknown
    AddRef                     DWORD   ?
    Release                    DWORD   ?
    OpenNamespace              DWORD   ?
    CancelAsyncCall            DWORD   ?
    QueryObjectSink            DWORD   ?
    GetObject                  DWORD   ?
    GetObjectAsync             DWORD   ?
    PutClass                   DWORD   ?
    PutClassAsync              DWORD   ?
    DeleteClass                DWORD   ?
    DeleteClassAsync           DWORD   ?
    CreateClassEnum            DWORD   ?
    CreateClassEnumAsync       DWORD   ?
    PutInstance                DWORD   ?
    PutInstanceAsync           DWORD   ?
    DeleteInstance             DWORD   ?
    DeleteInstanceAsync        DWORD   ?
    CreateInstanceEnum         DWORD   ?
    CreateInstanceEnumAsync    DWORD   ?
    ExecQuery                  DWORD   ?    ; slot 20 (offset 80): used by main
    ExecQueryAsync             DWORD   ?
    ExecNotificationQuery      DWORD   ?
    ExecNotificationQueryAsync DWORD   ?
    ExecMethod                 DWORD   ?
    ExecMethodAsync            DWORD   ?
IWbemServicesVtbl ENDS

; IEnumWbemClassObject - one DWORD; the variable of this type in .DATA
; receives the enumerator pointer written by ExecQuery.
IEnumWbemClassObject STRUCT
    lpVtbl          DWORD   ?
IEnumWbemClassObject ENDS

; IEnumWbemClassObjectVtbl - method table of the result enumerator, one
; 4-byte slot per method in declaration order. main only calls Next.
IEnumWbemClassObjectVtbl STRUCT
    QueryInterface DWORD   ?            ; slots 0-2: IUnknown
    AddRef         DWORD   ?
    Release        DWORD   ?
    Reset          DWORD   ?
    Next           DWORD   ?            ; slot 4: used by main to fetch one object
    NextAsync      DWORD   ?
    Clone          DWORD   ?
    Skip           DWORD   ?
IEnumWbemClassObjectVtbl ENDS

; IWbemClassObject - one DWORD; the variable of this type in .DATA receives
; the object pointer written by IEnumWbemClassObject::Next.
IWbemClassObject STRUCT
    lpVtbl DWORD   ?
IWbemClassObject ENDS

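; IWbemClassObjectVtbl - method table of IWbemClassObject, one 4-byte slot
; per method in the order wbemcli.h declares them. Slot order is the binary
; contract with the COM server, so a missing field silently redirects every
; later call to the neighbouring method.
;
; Fix: the listing had no Clone slot. wbemcli.h declares Clone between
; GetPropertyQualifierSet and GetObjectText; without it GetObjectText and
; every field after it sat 4 bytes too low. The slots used by this program
; (Release, Get) come before the gap and keep their offsets.
IWbemClassObjectVtbl STRUCT
    QueryInterface          DWORD   ?   ; slots 0-2: IUnknown
    AddRef                  DWORD   ?
    Release                 DWORD   ?
    GetQualifierSet         DWORD   ?
    Get                     DWORD   ?   ; slot 4: used by main to read one property
    Put                     DWORD   ?
    Delete                  DWORD   ?
    GetNames                DWORD   ?
    BeginEnumeration        DWORD   ?
    Next                    DWORD   ?
    EndEnumeration          DWORD   ?
    GetPropertyQualifierSet DWORD   ?
    Clone                   DWORD   ?   ; slot 12: was missing
    GetObjectText           DWORD   ?
    SpawnDerivedClass       DWORD   ?
    SpawnInstance           DWORD   ?
    CompareTo               DWORD   ?
    GetPropertyOrigin       DWORD   ?
    InheritsFrom            DWORD   ?
    GetMethod               DWORD   ?
    PutMethod               DWORD   ?
    DeleteMethod            DWORD   ?
    BeginMethodEnumeration  DWORD   ?
    NextMethod              DWORD   ?
    EndMethodEnumeration    DWORD   ?
    GetMethodQualifierSet   DWORD   ?
    GetMethodOrigin         DWORD   ?
IWbemClassObjectVtbl ENDS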

; SAFEARRAYBOUND - bounds of one array dimension.
SAFEARRAYBOUND struct
cElements dd ?                          ; number of elements in this dimension
lLbound dd ?                            ; lower bound (index of the first element)
SAFEARRAYBOUND ends
   
; SAFEARRAY - 32-bit array descriptor; main reads pvData and
; rgsabound.cElements directly from the pointer found in the VARIANT.
; Only one SAFEARRAYBOUND is declared, so this layout describes a
; one-dimensional array; cDims says how many bounds really follow.
SAFEARRAY    struct
cDims dw ?                              ; number of dimensions
fFeatures dw ?                          ; feature flags
cbElements dd ?                         ; size of one element in bytes
cLocks dd ?                             ; lock count
pvData dd ?                             ; pointer to the element storage
rgsabound SAFEARRAYBOUND <>             ; bounds of the first dimension
SAFEARRAY ends

; Read-only wide-character (16-bit) strings used by main.
; WSTR is a macro that is not defined in this listing (presumably it comes
; from ucmacros.asm - confirm); each use names a zero-terminated wide string.
.CONST
   
    ; First half of the WQL query; main appends wszClass to it.
    wszSelect  WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," ",0  ; the WSTR macro can't handle the asterisk
    wszCrLf    WORD 13,10,0             ; CR, LF, terminator


    ; The class name becomes part of the query text without any escaping,
    ; so it must stay a trusted constant.
    WSTR        wszClass,    "Win32_BIOS"    ;<<< Set class here
    ; main prints the value as an array of strings; a property of another
    ; type does not fit that code.
    WSTR        wszProperty, "BIOSVersion"  ;<<< Set property here

    WSTR        wszNameSpace, "root\cimv2"
    WSTR        wszQueryLanguage, "WQL"
   
    ; wprintf format: %i gets the loop counter, %s one array element.
    ; The label reads "Serial Number" although wszProperty is BIOSVersion.
    WSTR        wszMsg, "Serial Number %i: %s"
   
; Forward declaration so main can INVOKE WaitKeyW before its PROC appears.
WaitKeyW proto :PTR WORD
; Writable data: WMI flag constants, the interface and class identifiers,
; and the variables main fills in while it runs the query.
.DATA

    ; located in WbemCli.h
   
    WBEM_FLAG_CONNECT_USE_MAX_WAIT  EQU     80h         ; ConnectServer lSecurityFlags
    WBEM_FLAG_FORWARD_ONLY          EQU     20h         ; ExecQuery lFlags
    WBEM_INFINITE                   EQU     -1          ; Next lTimeout: wait without limit
    WBEM_E_INVALID_QUERY            EQU     80041017h   ; not referenced by the code shown
    WBEM_E_INVALID_QUERY_TYPE       EQU     80041018h   ; not referenced by the code shown
   
    ; The GUID2 initialisers below are the identifiers' text form split into
    ; DWORD-WORD-WORD-8 bytes; the text form is given next to each one.
    ; They are fixed values taken from the headers, nothing is calculated.

    ; {DC12A687-737F-11CF-884D-00AA004B2E24}
    IID_IWbemLocator                GUID2   <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
   
    ; {027947E1-D731-11CE-A357-000000000001} - not referenced by the code shown
    IID_IEnumWbemClassObject        GUID2   <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
   
    ; {DC12A681-737F-11CF-884D-00AA004B2E24} - not referenced by the code shown
    IID_IWbemClassObject            GUID2   <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
   
    ; located in WbemProv.h
   
    ; {CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}
    CLSID_WbemAdministrativeLocator GUID2   <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
   
    ; One DWORD each. main passes their addresses as out-parameters and later
    ; pushes their contents as the "this" argument, so at run time they hold
    ; interface pointers.
    locator     IWbemLocator            <>
    service     IWbemServices           <>
    enumerator  IEnumWbemClassObject    <>
    processor   IWbemClassObject        <>
   
    retCount    DWORD   ?               ; receives the object count from Next
   
    ; 16 bytes handed to IWbemClassObject::Get as the result VARIANT:
    ; type tag at offset 0, value at offset 8.
    var_val     DWORD   ?
                DWORD   ?
                DWORD   ?
                DWORD   ?


    pwszResult  PWORD   ?               ; main stores the pointer read from var_val+8 here
               
    ; Query text buffer, 256 WORDs; main assembles wszSelect + wszClass into
    ; it. Nothing bounds the copy, so the combined text must stay under 256
    ; characters including the terminator.
    wszQuery   WORD 256 dup(?)               

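.CODE

; ---------------------------------------------------------------------
; main - program entry point (named on the END directive).
;
; Runs "SELECT * FROM <wszClass>" against root\cimv2 through WMI, reads
; wszProperty from the first object returned and prints every element of
; the resulting string array.
;
; Target: 32-bit x86, MASM, stdcall (COM methods pop their own arguments;
; crt_wprintf is cdecl and INVOKE cleans its stack).
;
; Registers: ebx = process exit code (0, a failed HRESULT, or
;            EXIT_NO_DATA); esi = cursor over the array elements;
;            edi = elements left to print. All three survive the calls
;            made here; eax/ecx/edx are scratch.
;
; Changes against the original listing:
;   * every HRESULT is checked before the returned pointer is used
;     (the original dereferenced locator/service/enumerator/processor
;     even when the call that fills them had failed);
;   * retCount is checked, so an empty result set no longer leads to a
;     call through a null object pointer;
;   * the VARIANT type tag, the array pointer and cDims are checked
;     before the value is walked as a one-dimensional BSTR array;
;   * the four interface pointers are released before CoUninitialize;
;   * the query buffer is started with lstrcpyW instead of relying on
;     its first WORD being zero;
;   * the exit code reports failure instead of always being 0.
;
; NOTE(review): wszNameSpace, wszQueryLanguage and wszQuery are passed in
; parameters that the interface declares as BSTR. A plain wide string has
; no length prefix; allocating real BSTRs needs oleaut32, which this file
; does not include - confirm before reusing the pattern.
; NOTE(review): the VARIANT in var_val is never cleared (VariantClear is
; also in oleaut32); the process exits right afterwards.
; ---------------------------------------------------------------------

VT_BSTR_ARRAY   EQU 2008h               ; VT_ARRAY (2000h) or VT_BSTR (8)
EXIT_NO_DATA    EQU 1                   ; no object returned, or value is not a BSTR array

  main:

    INVOKE CoInitializeEx, NULL, COINIT_MULTITHREADED
    mov     ebx, eax
    test    eax, eax
    js      main_exit                   ; COM was never initialised: nothing to undo

    ; Process-wide COM security: default authentication level,
    ; impersonation level IMPERSONATE.
    INVOKE CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
    mov     ebx, eax
    test    eax, eax
    js      main_uninit

    INVOKE CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL, CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
    mov     ebx, eax
    test    eax, eax
    js      main_uninit                 ; locator was not filled in

    ; Build the query text. Both parts are constants that fit the 256-WORD
    ; buffer; neither call checks the destination size, so this must not be
    ; fed with text of unknown length.
    INVOKE lstrcpyW, ADDR wszQuery, ADDR wszSelect
    INVOKE lstrcatW, ADDR wszQuery, ADDR wszClass

    ; locator->ConnectServer(namespace, user, password, locale, flags,
    ;                        authority, context, &service)
    mov     eax, DWORD PTR [locator]
    mov     eax, [eax]                  ; eax = method table
    push    OFFSET service
    push    NULL
    push    NULL
    push    WBEM_FLAG_CONNECT_USE_MAX_WAIT
    push    NULL
    push    NULL
    push    NULL
    push    OFFSET wszNameSpace
    push    DWORD PTR [locator]
    call    DWORD PTR [eax][IWbemLocatorVtbl.ConnectServer]
    mov     ebx, eax
    test    eax, eax
    js      main_release_locator

    ; service->ExecQuery(language, query, flags, context, &enumerator)
    mov     eax, DWORD PTR [service]
    mov     eax, [eax]
    push    OFFSET enumerator
    push    NULL
    push    WBEM_FLAG_FORWARD_ONLY
    push    OFFSET wszQuery
    push    OFFSET wszQueryLanguage
    push    DWORD PTR [service]
    call    DWORD PTR [eax][IWbemServicesVtbl.ExecQuery]
    mov     ebx, eax
    test    eax, eax
    js      main_release_service

    ; enumerator->Next(timeout, count = 1, &processor, &retCount)
    mov     eax, DWORD PTR [enumerator]
    mov     eax, [eax]
    push    OFFSET retCount
    push    OFFSET processor
    push    TRUE
    push    WBEM_INFINITE
    push    DWORD PTR [enumerator]
    call    DWORD PTR [eax][IEnumWbemClassObjectVtbl.Next]
    mov     ebx, eax
    test    eax, eax
    js      main_release_enumerator
    mov     ebx, EXIT_NO_DATA
    cmp     retCount, 0                 ; a success code can still mean "no object"
    je      main_release_enumerator

    ; processor->Get(name, flags, &var_val, type, flavor)
    mov     eax, DWORD PTR [processor]
    mov     eax, [eax]
    push    NULL
    push    NULL
    push    OFFSET var_val
    push    0
    push    OFFSET wszProperty
    push    DWORD PTR [processor]
    call    DWORD PTR [eax][IWbemClassObjectVtbl.Get]
    mov     ebx, eax
    test    eax, eax
    js      main_release_object

    ; Only walk the value as an array of strings when the VARIANT says it
    ; is one; any other type would make the pointer at offset 8 something
    ; else entirely.
    mov     ebx, EXIT_NO_DATA
    cmp     WORD PTR [var_val], VT_BSTR_ARRAY
    jne     main_release_object
    mov     ecx, [var_val + 8]          ; ecx = SAFEARRAY pointer
    test    ecx, ecx
    jz      main_release_object
    cmp     [ecx].SAFEARRAY.cDims, 1    ; rgsabound below describes one dimension only
    jne     main_release_object

    mov     pwszResult, ecx

    ; The element storage is read directly from the descriptor, without
    ; the SafeArray locking calls.
    mov     esi, [ecx].SAFEARRAY.pvData
    mov     edi, [ecx].SAFEARRAY.rgsabound.cElements

    INVOKE crt_wprintf, ADDR wszCrLf

    ; Prints the elements in storage order; the number shown is the count
    ; of elements still to print, so it runs downwards (as in the original).
    .while edi
        mov     ecx, [esi]
        INVOKE crt_wprintf, ADDR wszMsg, edi, ecx
        INVOKE crt_wprintf, ADDR wszCrLf
        dec     edi
        add     esi, 4
    .endw

    INVOKE crt_wprintf, ADDR wszCrLf
    xor     ebx, ebx                    ; success

    ; Cleanup falls through from the most recently acquired interface to
    ; the first; each failure path above enters at the first pointer that
    ; is known to be valid.
  main_release_object:
    mov     eax, DWORD PTR [processor]
    mov     ecx, [eax]
    push    eax
    call    DWORD PTR [ecx][IWbemClassObjectVtbl.Release]

  main_release_enumerator:
    mov     eax, DWORD PTR [enumerator]
    mov     ecx, [eax]
    push    eax
    call    DWORD PTR [ecx][IEnumWbemClassObjectVtbl.Release]

  main_release_service:
    mov     eax, DWORD PTR [service]
    mov     ecx, [eax]
    push    eax
    call    DWORD PTR [ecx][IWbemServicesVtbl.Release]

  main_release_locator:
    mov     eax, DWORD PTR [locator]
    mov     ecx, [eax]
    push    eax
    call    DWORD PTR [ecx][IWbemLocatorVtbl.Release]

  main_uninit:
    INVOKE CoUninitialize

  main_exit:
    INVOKE WaitKeyW, uni$("Press any key to exit ...")

    INVOKE ExitProcess, ebx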

;-----------------------------------------------------------------------
; WaitKeyW - print a prompt on a new line and wait for one key press.
; ABI:  32-bit stdcall PROC, one stack argument.
; In:   pwszPrompt = wide prompt text, or NULL for the built-in
;       "Press any key to continue ... " text.
; Out:  nothing meaningful; eax is whatever the last wprintf returned.
; Note: the prompt is handed to wprintf as the FORMAT string, so any '%'
;       in it is interpreted. Pass constant text only, never text that
;       comes from outside the program.
;-----------------------------------------------------------------------
WaitKeyW PROC pwszPrompt:PTR WORD
    .DATA
        IFNDEF wszCrLf
            wszCrLf WORD 13,10,0
        ENDIF
    .CODE
    ; Both cases start on a fresh line.
    INVOKE crt_wprintf, ADDR wszCrLf
    .IF pwszPrompt != NULL
        INVOKE crt_wprintf, pwszPrompt
    .ELSE
        INVOKE crt_wprintf, uni$("Press any key to continue ... ")
    .ENDIF

    ; A first result of 0 or 0E0h is followed by a second read, so the
    ; second half of a two-part key code is not left in the input queue.
    INVOKE crt__getch
    .IF (eax == 0E0h) || (eax == 0)
        INVOKE crt__getch
    .ENDIF

    INVOKE crt_wprintf, ADDR wszCrLf
    ret
WaitKeyW ENDP
;======================================================
   
END main

最新回复 (4)
stu
2
; Each initialiser is the identifier's text form split into
; DWORD-WORD-WORD-8 bytes; the text form is given above each one.
; {DC12A687-737F-11CF-884D-00AA004B2E24}
IID_IWbemLocator                GUID2   <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
   
    ; {027947E1-D731-11CE-A357-000000000001}
    IID_IEnumWbemClassObject        GUID2   <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
   
    ; {DC12A681-737F-11CF-884D-00AA004B2E24}
    IID_IWbemClassObject            GUID2   <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
   
    ; located in WbemProv.h
   
    ; {CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}
    CLSID_WbemAdministrativeLocator GUID2   <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
这些GUID和在注册表中找到的不一样,不知道是如何算出来的呢?
2010-1-26 10:48
stu
3
顶起来.
顶起来。
2010-1-26 21:03
stu
4
学坏容易学好难啊。
2010-1-27 22:16
5
好像c++目录下有一个工具可以生成GUID, 在bin下
2010-1-29 07:24