View Single Post
  #1  
Old 01-29-2012, 12:13 AM
vbaddicts vbaddicts is offline
Junior Member
 
Join Date: Oct 2011
Posts: 3
Default ActiveX DLL Injection ?

NOTE: administrators -> if this isn't the correct forum please move it and if the content is inappropriate please delete and pm me notification. Thanks.

O.K. so here is what i'm attempting to do: using assembly code cause a remote process to load an activex dll (CoLoadLibrary) create an instance of a class (DllGetClassObject) call a method on that class and then unload (CoFreeLibrary).

So far I've got the target to load the dll correctly. I then call GetProcAddress to retrieve the entry point for DllGetClassObject in the activex dll. I pass a pointer to memory allocated for the interfaces vtable, a pointer to IClassFactory's IID, and a pointer to CPatchManager's CLSID.

I keep getting error code: CLASS_E_CLASSNOTAVAILABLE

If anyone can point out what I'm doing wrong or give me some general idea of what I should be doing I would appreciate it, here is the code i'm using for calling DllGetClassObject:

Code:
mov eax, GETPROCADDRESSPTR

push dword DLLGETCLASSOBJECTNAME
push dword LIBRARYMODULEHANDLE
call eax

;check return value
cmp eax, 0
jnz GETPROCADDRSUCCESS3

;handle error here
jmp INJECTIONERROR

GETPROCADDRSUCCESS3:

;call DllGetClassObject for IClassFactory
push dword ICLASSFACTORYINTERFACE
push dword ICLASSFACTORYIID
push dword CPATCHMANAGERCLSID
call eax
Reply With Quote