CDO.Message Breakpoints
Author: David Zimmer
Date: 07.17.16 - 7:26am
Just a couple breakpoints of interest if you have to watch something that uses the CDO.Message COM object to send emails.
Loaded File: C:\WINDOWS\system32\cdosys.dll Name: CDO Lib GUID: {CD000000-8B95-11D1-82DB-00C04FB1625D} Version: 1.0 Lib Classes: 7 version: 6.2.4.0 MD5: 465f0eb786e0f667e4374704836b5717 Dim cdoConf As New CDO.Configuration Set Flds = cdoConf.Fields schema = "http://schemas.microsoft.com/cdo/configuration/" With Flds DebugBreak .Item(schema & "sendpassword") = "yourpassword" On send you can see all the values accessed here: ----------------------------------------------- .text:47645C92 ; void __thiscall CConfig::InetServerFromConfig(CConfig *this, bool, struct INETSERVER *) .text:47645C92 ?InetServerFromConfig@CConfig@@IAEX_NAAUINETSERVER@@@Z proc near 47645EC2 50 PUSH EAX ;password 47645EE1 FFD7 CALL EDI ; msvcrt.strncpy ;password visible here As they are being set with .item you can see them pass through here: ---------------------------------------------------------------------- .text:47622F9A ; __int32 __stdcall CCacheRow::GetColumns(CCacheRow *this, unsigned __int32, struct tagDBCOLUMNACCESS *const ) .text:47622F9A ?GetColumns@CCacheRow@@UAGJKQAUtagDBCOLUMNACCESS@@@Z proc near other breakpoints of interest .text:4763DE85 ; __int32 CMimeMessage::AddAttachment(CMimeMessage *__hidden this, unsigned __int16 *, unsigned __int16 *, unsigned __int16 *, struct IBodyPart **) .text:4763506D ; __int32 __stdcall CMimeMessage::put_Subject(CMimeMessage *this, OLECHAR *psz) .text:476351E4 ; __int32 __stdcall CMimeMessage::put_To(CMimeMessage *this, OLECHAR *psz) .text:4763586C ; __int32 __thiscall __high CMimeMessage::put_body(unsigned __int32, unsigned __int16 *, struct IStream *, enum tagENCODINGTYPE, const struct HCHARSET__ *) .text:47635B59 ; __int32 __stdcall CMimeMessage::put_TextBody(CMimeMessage *this, OLECHAR *psz) .text:47635CD0 ; __int32 __stdcall CMimeMessage::put_HTMLBody(CMimeMessage *this, OLECHAR *psz) .text:47635FEA ; __int32 __stdcall CMimeMessage::put_From(CMimeMessage *this, OLECHAR *psz) .text:47636161 ; __int32 __stdcall CMimeMessage::put_Sender(CMimeMessage *this, OLECHAR *psz) .text:476347A3 ; __int32 __stdcall CMimeMessage::put_CC(CMimeMessage *this, OLECHAR *psz) .text:4763462C ; __int32 __stdcall CMimeMessage::put_BCC(CMimeMessage *this, OLECHAR *psz)
Comments: (0)
Leave Comment:
Name:
Email:
(not shown)
Message:
(Required)
Math Question: 40 + 37 = ? followed by the letter: U
About Me
More Blogs
Main Site
Posts:
(
All
)
2023
( 4 )
2022
( 5 )
2021
( 2 )
2020
( 5 )
2019
( 6 )
2017
( 5 )
2016 (4)
KANAL Mod
Decoders again
CDO.Message Breakpoints
SysAnalyzer Updates
2015 (5)
SysAnalyzer and Site Updates
crazy decoder
ida js w/dbg
flash patching #2
JS Graphing
2014 (5)
Delphi IDA Plugin
scdbg IDA integration
API Hash Database
Winmerge plugin
IDACompare Updates
2013
( 9 )
2012
( 13 )
2011
( 19 )
2010
( 11 )
2009
( 1 )