Options Form
From the main interface, click on the View hyperlink and then the Options menu item. This will bring up the Options Dialog:

  • Debugger textbox

    Path to your debugger of choice; use the ... button to browse for it. This exe is used to launch the generated .wsf files from the debugger form if you want to probe them manually after the fuzz tests.

  • Username - used only as a marker in distributed audits to record who did what

  • Use Distributed Auditing

    Enables distributed auditing mode. You will have to set up a database server and a system DSN before this option can be turned on. Click the "Test DSN Connection" hyperlink to test the system configuration; the checkbox is enabled once that test succeeds.

  • Allow fuzzing of functions with Object Type Arguments -

    By default COMRaider marks any function which takes object type arguments as not fuzzable, rather than trying to work out how to create a live instance of the object the function expects. If you enable this option, COMRaider drops that restriction and instead passes an empty object variable for that argument. This only exercises the case where the method receives an uninitialized object: a method that dereferences the argument without checking it will fault, which is a legitimate bug class, but code paths that need a valid object will not be reached. The fuzz engine may support dynamic object creation for function arguments at some point, but does not yet.

  • Only show default interface for classes -

    Scripting clients can only call functions on the default interface of a class. While classes may support more than one interface, the others are not displayed by default because COMRaider has no way to call their functions (and neither would a script client such as IE). This option only affects what the type library viewer form displays.

  • Scan Registry for Safe Objects -

    COMRaider supports two different mechanisms for locating safe-for-scripting objects on your system. By default it uses this option and simply scans the registry for objects which have the "Safe For Scripting" or "Safe For Initialization" category GUIDs (CATID_SafeForScripting {7DD95801-9882-11CF-9FA9-00AA006C42C4} and CATID_SafeForInitializing {7DD95802-9882-11CF-9FA9-00AA006C42C4}) listed under their Implemented Categories key.

    This is the older method of marking a control as safe for scripting, but it is a very easy and quick test to perform, which is why it is enabled by default. Stick with this default until you are used to COMRaider. Be aware that it only finds controls marked in the registry; a control can also declare itself safe at runtime through IObjectSafety, which the registry scan will miss.

    If this option is not enabled, COMRaider will instead launch builddb.exe, a standalone exe designed to scan the registry. BuildDB.exe enumerates every installed ActiveX control and tries to create a live instance of each, checking whether it implements the IObjectSafety interface. If it does, BuildDB saves the control to the comraider.mdb database along with the safety options it reports.

    Note that this scan can take quite a while to complete, and you will have to keep an eye on the system as it runs, closing any windows it spawns. Because it instantiates every registered control, and so runs every control's initialization code, do this on a test box or in a VM rather than on a machine you care about. BuildDB.exe may also crash and need to be restarted, because instantiating some COM objects will crash or corrupt its address space (think javaprxy-type memory corruption). BuildDB.exe automatically picks up from the last COM object scanned in the previous run and continues.

    This scan is invoked from the "Build db from scratch" and "Scan for new" menu items on the "list objects which should load in IE" form.
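    As an added example (this is not COMRaider's own code), here is the registry half of that check written out in PowerShell, so you can see exactly which keys the default scan relies on. The two CATID values are the standard CATID_SafeForScripting and CATID_SafeForInitializing constants, and the kill-bit location is IE's documented "ActiveX Compatibility" key; the function and property names, and the decision to report the server type and kill bit alongside the safety flags, are our own additions.

```powershell
# Added example (not COMRaider's own code): the check behind the default
# "Scan Registry for Safe Objects" option, written out in PowerShell.
# The two CATIDs are the standard objsafe.h values and the kill-bit key is
# IE's documented ActiveX Compatibility location; everything else here
# (function name, property names) is our own.
$CatidSafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatidSafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$ActiveXCompat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-KillBit {
    param([string]$Clsid)
    # Compatibility Flags bit 0x400 is the kill bit: IE refuses to load the
    # control even if it is marked safe, so it is not a useful IE fuzz target.
    $item = Get-ItemProperty -LiteralPath (Join-Path $ActiveXCompat $Clsid) -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return (([int]$item.'Compatibility Flags' -band 0x400) -ne 0)
}

function Get-RegistrySafeObjects {
    param(
        # From a 64-bit shell, pass 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
        # to see the 32-bit controls that 32-bit IE would actually load.
        [string]$ClsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    )
    Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $key  = $_                                   # Microsoft.Win32.RegistryKey
        $cats = $key.OpenSubKey('Implemented Categories')
        if ($null -eq $cats) { return }              # no categories: skip this CLSID
        $catids     = $cats.GetSubKeyNames()
        $safeScript = $catids -contains $CatidSafeForScripting
        $safeInit   = $catids -contains $CatidSafeForInitializing
        if (-not ($safeScript -or $safeInit)) { return }

        # In-proc DLL vs out-of-process EXE server matters later: a logging DLL
        # injected into wscript.exe only sees what in-proc servers do.
        $inproc = $key.OpenSubKey('InprocServer32')
        $local  = $key.OpenSubKey('LocalServer32')
        $server = if ($inproc) { $inproc.GetValue('') } elseif ($local) { $local.GetValue('') } else { $null }
        $progid = $key.OpenSubKey('ProgID')

        [pscustomobject]@{
            CLSID               = $key.PSChildName
            Name                = $key.GetValue('')
            ProgID              = if ($progid) { $progid.GetValue('') } else { $null }
            SafeForScripting    = $safeScript
            SafeForInitializing = $safeInit
            OutOfProcess        = ($null -eq $inproc) -and ($null -ne $local)
            Server              = $server
            KillBit             = Test-KillBit $key.PSChildName
        }
    }
}

# Usage: list controls the registry says IE may script, minus kill-bitted ones.
Get-RegistrySafeObjects | Where-Object { -not $_.KillBit } | Sort-Object Name | Format-Table -AutoSize
```

    This reproduces only the registry mechanism. A control that answers IObjectSafety at runtime but has no Implemented Categories entry will not appear in this list, which is exactly the gap BuildDB.exe closes by instantiating each control. The OutOfProcess column is worth keeping: for those controls the API logger described below will have nothing useful to report.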

  • Use API Logger -

    If this option is enabled, the debugger interface can also inject a logging DLL into the target wscript process to monitor file and registry access. The Log filter textbox is a comma-separated list of substrings; any log entry containing one of them is ignored and not logged. The default values are strings likely to appear if you have a virus scanner installed, which would otherwise add noise to the API log.

    Note that if the ActiveX server under test is an out-of-process server (an ActiveX EXE), the logging DLL injected into WScript will not give you any useful log data, because the server's file and registry access happens in its own process rather than in wscript.exe.