Hooking COM Classes

Monday, August 7, 2017

There are some common scenarios that benefit from the ability to hook operations. The canonical example is hooking Windows API functions for debugging purposes, or for malware detection. In this scenario, some DLL is injected into a target process and then hooks relevant functions. There are several ways to do that, but that is not the focus of this post; the interested reader can search the web for more information. In the Component Object Model (COM) world, things are not so easy. Since COM is object based, it's not generally possible to get the address of a COM interface method,...
tags: , , , ,
no comments

Writing a .NET Profiler

Tuesday, May 20, 2008

I was recently asked how a managed application can know the actual size of managed objects it allocates. Although there exists a Marshal.SizeOf method that seemingly can do the trick, this only works for value types, as the method is intended to be used in interop scenarios where some unmanaged memory must be allocated in managed code and passed to some unmanaged function. This question, and others like it can best be answered by using a the .NET profiling API. The .NET profiling API allows the (native C++) programmer to inject a DLL that can receive various events from the CLR during...