CDO.Message Breakpoints
Author: David Zimmer
Date: 07.17.16 - 7:26am
Just a couple of breakpoints of interest if you have to watch something that uses the CDO.Message COM object to send emails.
Loaded File: C:\WINDOWS\system32\cdosys.dll
Name: CDO Lib GUID: {CD000000-8B95-11D1-82DB-00C04FB1625D} Version: 1.0 Lib Classes: 7
version: 6.2.4.0
MD5: 465f0eb786e0f667e4374704836b5717

Dim cdoConf As New CDO.Configuration
Set Flds = cdoConf.Fields
schema = "http://schemas.microsoft.com/cdo/configuration/"
With Flds
    DebugBreak  ' break into the attached debugger before the password field is set
    .Item(schema & "sendpassword") = "yourpassword"
End With

On send you can see all the values accessed here:
-----------------------------------------------
.text:47645C92 ; void __thiscall CConfig::InetServerFromConfig(CConfig *this, bool, struct INETSERVER *)
.text:47645C92 ?InetServerFromConfig@CConfig@@IAEX_NAAUINETSERVER@@@Z proc near

47645EC2   50     PUSH EAX    ;password
47645EE1   FFD7   CALL EDI    ; msvcrt.strncpy ;password visible here

As they are being set with .item you can see them pass through here:
----------------------------------------------------------------------
.text:47622F9A ; __int32 __stdcall CCacheRow::GetColumns(CCacheRow *this, unsigned __int32, struct tagDBCOLUMNACCESS *const )
.text:47622F9A ?GetColumns@CCacheRow@@UAGJKQAUtagDBCOLUMNACCESS@@@Z proc near

Other breakpoints of interest:
.text:4763DE85 ; __int32 CMimeMessage::AddAttachment(CMimeMessage *__hidden this, unsigned __int16 *, unsigned __int16 *, unsigned __int16 *, struct IBodyPart **)
.text:4763506D ; __int32 __stdcall CMimeMessage::put_Subject(CMimeMessage *this, OLECHAR *psz)
.text:476351E4 ; __int32 __stdcall CMimeMessage::put_To(CMimeMessage *this, OLECHAR *psz)
.text:4763586C ; __int32 __thiscall __high CMimeMessage::put_body(unsigned __int32, unsigned __int16 *, struct IStream *, enum tagENCODINGTYPE, const struct HCHARSET__ *)
.text:47635B59 ; __int32 __stdcall CMimeMessage::put_TextBody(CMimeMessage *this, OLECHAR *psz)
.text:47635CD0 ; __int32 __stdcall CMimeMessage::put_HTMLBody(CMimeMessage *this, OLECHAR *psz)
.text:47635FEA ; __int32 __stdcall CMimeMessage::put_From(CMimeMessage *this, OLECHAR *psz)
.text:47636161 ; __int32 __stdcall CMimeMessage::put_Sender(CMimeMessage *this, OLECHAR *psz)
.text:476347A3 ; __int32 __stdcall CMimeMessage::put_CC(CMimeMessage *this, OLECHAR *psz)
.text:4763462C ; __int32 __stdcall CMimeMessage::put_BCC(CMimeMessage *this, OLECHAR *psz)
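
The addresses in the listing are absolute and belong to the one cdosys.dll build identified by the MD5 in the post. As an added example (not code from the original post), this Python script turns a subset of that listing into WinDbg `bp module!symbol` commands, which still resolve if the DLL loads at a different base. It assumes symbols for cdosys are loaded in the debugger; the function names and the `same_build` flag are illustrative.

```python
import hashlib
import re

# MD5 from the post: identifies the one cdosys.dll build these addresses belong to.
EXPECTED_MD5 = "465f0eb786e0f667e4374704836b5717"

# Subset of the post's IDA listing (function start addresses), copied as printed.
LISTING = """\
.text:47645C92 ; void __thiscall CConfig::InetServerFromConfig(CConfig *this, bool, struct INETSERVER *)
.text:47622F9A ; __int32 __stdcall CCacheRow::GetColumns(CCacheRow *this, unsigned __int32, struct tagDBCOLUMNACCESS *const )
.text:4763506D ; __int32 __stdcall CMimeMessage::put_Subject(CMimeMessage *this, OLECHAR *psz)
.text:476351E4 ; __int32 __stdcall CMimeMessage::put_To(CMimeMessage *this, OLECHAR *psz)
"""
# Instruction address from the post, listed under InetServerFromConfig
# (the strncpy call where the password is visible).
INNER = [0x47645EE1]

FUNC_RE = re.compile(r"^\.text:([0-9A-Fa-f]{8}) ; .*?(\w+::\w+)\(", re.M)


def parse_functions(listing):
    """Return {start_address: 'Class::Method'} from IDA-style comment lines."""
    return {int(addr, 16): name for addr, name in FUNC_RE.findall(listing)}


def build_matches(dll_bytes):
    """True only if the bytes are the exact cdosys.dll build the post used."""
    return hashlib.md5(dll_bytes).hexdigest() == EXPECTED_MD5


def windbg_breakpoints(listing, inner, same_build, module="cdosys"):
    """Function-entry breakpoints by symbol name; mid-function offsets are
    emitted only when the DLL on disk is the same build as in the post."""
    funcs = parse_functions(listing)
    cmds = [f"bp {module}!{name}" for _, name in sorted(funcs.items())]
    if same_build:
        for addr in sorted(inner):
            # Assumption: the address lies in the nearest preceding listed function.
            start = max(s for s in funcs if s <= addr)
            cmds.append(f"bp {module}!{funcs[start]}+0x{addr - start:x}")
    return cmds


if __name__ == "__main__":
    for cmd in windbg_breakpoints(LISTING, INNER, same_build=True):
        print(cmd)
```

Pass `same_build=build_matches(open(path, "rb").read())` for the cdosys.dll on the analysis machine so the mid-function offset is only used when the hash matches.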