CoMiExtractor is a specialized tool designed to inspect and extract interface information from Windows COM objects. It leverages IProvideClassInfo and IDispatch interfaces to provide comprehensive details about COM interfaces, methods, and parameters - essential for development, debugging, and reverse engineering.
- π― Interface Extraction - Automatically discovers and extracts COM interface definitions
- π¬ Method Analysis - Retrieves detailed method information including parameters and return types
- π RVA Offset Calculation - Computes Relative Virtual Address offsets for each method
- 𧬠Type Information - Provides complete type information for parameters and return values
- π οΈ Development Ready - Outputs C++-compatible interface definitions ready for use
| Target | Description |
|---|---|
| Name | Interface name |
| IID | Interface identifier (GUID) |
| Target | Description |
|---|---|
| Name | Method name |
| Return Type | Method return value type |
| Invoke Kind | Property access type [Get, Set, SetRef] |
| Display Id | Method display ID (DISPID) |
| RVA Offset | Relative Virtual Address offset |
| Target | Description |
|---|---|
| Name | Parameter name |
| Direction | Parameter direction [In, Out] |
| Type | Parameter type (VARENUM reference) |
CoMiExtractor.exe
# Enter CLSID when promptedCoMiExtractor.exe "{CLSID}"CoMiExtractor.exe "{2A0B9D10-4B87-11D3-A97A-00104B365C9F}"MIDL_INTERFACE("2A0B9D10-4B87-11D3-A97A-00104B365C9F")
IFileSystem3 : public IUnknown
{
public:
// Display Id: 0x60000000
static const uintptr_t QueryInterfaceRvaOffset = 0x3c80;
virtual void STDMETHODCALLTYPE QueryInterface(
/* [in] */ void* riid,
/* [out] */ void* ppvObj) = 0;
// Display Id: 0x60000001
static const uintptr_t AddRefRvaOffset = 0xfec0;
virtual DWORD STDMETHODCALLTYPE AddRef() = 0;
// Display Id: 0x60000002
static const uintptr_t ReleaseRvaOffset = 0x5600;
virtual DWORD STDMETHODCALLTYPE Release() = 0;
// Display Id: 0x2710
static const uintptr_t BuildPathRvaOffset = 0x14870;
virtual BSTR STDMETHODCALLTYPE BuildPath(
/* [in] */ BSTR Path,
/* [in] */ BSTR Name) = 0;
// Display Id: 0x460
static const uintptr_t CreateFolderRvaOffset = 0x14bc0;
virtual void* STDMETHODCALLTYPE CreateFolder(/* [in] */ BSTR Path) = 0;
};- Visual Studio 2022 (or later)
- Windows SDK 10.0
- Platform Toolset v143
-
Clone the repository
git clone https://github.com/player-alex/CoMiExtractor.git cd CoMiExtractor -
Open the solution
cd CoMiExtractor start CoMiExtractor.sln -
Build the project
- Select configuration (Debug/Release)
- Select platform (Win32/x64)
- Build β Build Solution (Ctrl+Shift+B)
-
Run the executable
cd Release CoMiExtractor.exe
CoMiExtractor/
βββ CoMiExtractor/
β βββ inc/
β β βββ CoMiExtractor.h # Main extractor class header
β β βββ Utils.h # Utility functions and type mappings
β βββ src/
β β βββ main.cpp # Entry point
β β βββ CoMiExtractor.cpp # Core extraction implementation
β βββ CoMiExtractor.vcxproj # Visual Studio project file
βββ LICENSE # MIT License
βββ README.md # This file
- π Generate interface definitions for undocumented COM objects
- π Understand COM object capabilities and method signatures
- π§ͺ Create test harnesses for COM components
- π Analyze proprietary COM components
- πΊοΈ Map interface structures and method offsets
- π Understand system component internals
- π‘οΈ Audit COM object attack surfaces
- π¬ Identify exploitable method signatures
- π Document interface capabilities for threat modeling
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is intended for legitimate development, debugging, and security research purposes only. Users are responsible for ensuring their use of this tool complies with all applicable laws and regulations.
- Built with Windows COM/OLE APIs
- Uses ATL (Active Template Library) for COM support
- Type information extracted via ITypeInfo interfaces