Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to view TypeLibrary #41

Open
aconite33 opened this issue Jul 25, 2022 · 0 comments
Open

Unable to view TypeLibrary #41

aconite33 opened this issue Jul 25, 2022 · 0 comments

Comments

@aconite33
Copy link

I've ran into an issue when trying to dissect the CLSID for Outlook. I am able to pull data about the exports using Powershell, but I am unable to replicate the same data with OleView and the original OLE Object Viewer.

In order to capture the data in Powershell, I follow the same outline defined by Mandiant here

Specifically:

$comObj = [Activator]::CreateInstance([type]::GetTypeFromCLSID("0006F03A-0000-0000-C000-000000000046"))
$comObj | Get-Member

You can see in the image below that the Methods are exposed and can see the functions provided by the COM Object:

image

However, trying to replicate this in OleView, I am unable to get similar datasets.

image

And I get a different error when trying to use the legacy OleViewer:

image

Few notes:

I have Windows 10 SDK and I'm using the dbghelp.dll from that install. Here is a snapshot of my settings:

image

Is this an issue of Ole Viewer(s) not being able to parse the COM Object itself? Or is it something where we have to go deeper because of how the COM object is being instantiated?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aconite33