---------- Forwarded message ----------
From: Ben Nagy <ben at research.coseinc.com>
Date: Tue, Oct 19, 2010 at 2:42 AM
Subject: IUnknown COM from Ruby
To: djberg96 at gmail.com

Hi Daniel,

Sorry to email you direct, but I've struck out on google and #ruby-lang and nobody can tell me which mailing lists are still alive, plus you're one of the few people I know doing deep Windows stuff. :)

I was just wondering if you had any hints at all for how to go about using COM interfaces to a DLL. Specifically, I want to wrap dbgeng.dll (starting with the DebugCreate method) in a similar manner to PyDbgEng. I can't find any Ruby stuff which lets me deal with raw COM as opposed to application OLE though - which could just be because I don't understand it. If I need IDL definitions, I can steal that from the python code...

If you happen to have done anything like this, an example or a link would be very much appreciated.

Cheers,

ben

PS

If you're interested, other stuff I looked at:

- Using the raw win32api and WaitForDebugEvent. Ragweed does this, but it doesn't use dbgeng, and there are some extensions like !exploitable I need to use.
- Using mdbg (a managed .NET wrapper) and then IronRuby to talk to the CLR. IronRuby's fate is uncertain and it's 1.8 whereas all my other stuff is 1.9
- Wrapping PyDbgEng with xmlrpc and then wrapping that with Ruby. Made me throw up in my mouth.
- FFI etc - same problem, don't know how to get the actual COM Interface classes created, no examples
Hi,

2010/10/20 Daniel Berger <djberg96 at gmail.com>
> ---------- Forwarded message ----------
> From: Ben Nagy <ben at research.coseinc.com>
> Date: Tue, Oct 19, 2010 at 2:42 AM
> Subject: IUnknown COM from Ruby
> To: djberg96 at gmail.com
>
> <snip>
>
Because DbgEng is not a registered COM server, we cannot use the WIN32OLE module for this case. And there is no easy way to do this using ruby.
Anyway, here is a first trial:

    require 'win32/api'

    # IIDs from dbgeng.h, packed into the in-memory GUID layout (DWORD, WORD, WORD, BYTE[8]).
    # {27fe5639-8407-4f47-8364-ee118fb08ac8}
    IID_IDebugClient  = [0x27fe5639, 0x8407, 0x4f47, 0x83, 0x64, 0xee, 0x11, 0x8f, 0xb0, 0x8a, 0xc8].pack('LSSC8')
    # {5182e668-105e-416e-ad92-24ef800424ba}
    IID_IDebugControl = [0x5182e668, 0x105e, 0x416e, 0xad, 0x92, 0x24, 0xef, 0x80, 0x04, 0x24, 0xba].pack('LSSC8')

    DEBUG_ONLY_THIS_PROCESS = 2
    DEBUG_WAIT_DEFAULT = 0
    INFINITE = 0xFFFFFFFF

    # Pointers are read and passed as 32-bit 'L' values: this assumes a 32-bit Ruby.
    debugCreate = Win32::API.new('DebugCreate', 'PP', 'L', 'dbgeng')
    memcpy = Win32::API.new('memcpy', 'PLL', 'L', 'msvcrt')   # used to copy memory from raw addresses

    # DebugCreate(REFIID, void**) hands back an IDebugClient interface pointer.
    ptr = 0.chr * 4
    hr = debugCreate.call(IID_IDebugClient, ptr)
    raise "DebugCreate failed: 0x%08x" % hr if (hr & 0x80000000) != 0
    debug_client = ptr.unpack('L').first

    # A COM object starts with its vtable pointer; copy out the first 20 slots of the
    # IDebugClient vtable (IUnknown occupies slots 0..2, CreateProcess is slot 13).
    lpVtbl = 0.chr * 4
    table  = 0.chr * 80
    memcpy.call(lpVtbl, debug_client, 4)
    memcpy.call(table, lpVtbl.unpack('L').first, 80)
    table = table.unpack('L*')
    queryInterface = Win32::API::Function.new(table[0], 'PPP', 'L')
    # CreateProcess(ULONG64 Server, PSTR CommandLine, ULONG CreateFlags): the 64-bit
    # Server argument occupies two 32-bit stack slots, hence 'PLLSL'.
    createProcess = Win32::API::Function.new(table[13], 'PLLSL', 'L')

    # QueryInterface for IDebugControl, whose WaitForEvent is slot 93 of its 94-slot vtable.
    out = 0.chr * 4
    hr = queryInterface.call(debug_client, IID_IDebugControl, out)
    raise "QueryInterface failed: 0x%08x" % hr if (hr & 0x80000000) != 0
    debug_control = out.unpack('L').first
    lpVtbl = 0.chr * 4
    table  = 0.chr * 4 * 94
    memcpy.call(lpVtbl, debug_control, 4)
    memcpy.call(table, lpVtbl.unpack('L').first, 4 * 94)
    table = table.unpack('L*')
    waitForEvent = Win32::API::Function.new(table[93], 'PLL', 'L')

    # Start notepad under the debugger and block until the first debug event arrives.
    hr = createProcess.call(debug_client, 0, 0, "c:\\windows\\system32\\notepad.exe", DEBUG_ONLY_THIS_PROCESS)
    raise "CreateProcess failed: 0x%08x" % hr if (hr & 0x80000000) != 0
    hr = waitForEvent.call(debug_control, DEBUG_WAIT_DEFAULT, INFINITE)
    puts "WaitForEvent returned 0x%08x" % hr

Regards,

Park Heesob
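The same vtable walk factored into a reusable helper, added here as an illustration and not part of Park's post. It keeps Park's assumptions (32-bit Ruby, the win32-api gem, memcpy from msvcrt) and adds what a second interface immediately needs: packing an IID straight from its dbgeng.h text form, checking the HRESULT before dereferencing the out-pointer, and releasing the reference; guid_pack, hresult_failed?, vtable_slots and ComObject are my names, not anything from win32-api or dbgeng.

```ruby
begin
  require 'win32/api'        # only ComObject needs it; the helpers below are pure Ruby
rescue LoadError
end

# "{27fe5639-8407-4f47-8364-ee118fb08ac8}" -> 16-byte GUID struct (DWORD, WORD, WORD, BYTE[8])
def guid_pack(text)
  hex = text.gsub(/[{}\-]/, '')
  raise ArgumentError, "not a GUID: #{text}" unless hex =~ /\A\h{32}\z/
  words = [hex[0, 8].hex, hex[8, 4].hex, hex[12, 4].hex]
  (words + hex[16, 16].scan(/\h\h/).map(&:hex)).pack('LSSC8')
end

# HRESULT comes back through an unsigned 'L'; FAILED() is just the sign bit.
def hresult_failed?(hr)
  (hr & 0x8000_0000) != 0
end

# Split a copied-out vtable of `count` 32-bit slots into its function addresses.
def vtable_slots(raw, count)
  raw[0, count * 4].unpack("L#{count}")
end

# Wraps an interface pointer (32-bit Ruby): copies the vtable once, then builds
# Win32::API::Function objects for whichever slots the caller asks for.
class ComObject
  attr_reader :ptr
  def initialize(ptr, slot_count)
    @ptr = ptr
    @memcpy = Win32::API.new('memcpy', 'PLL', 'L', 'msvcrt')
    lpvtbl = 0.chr * 4
    @memcpy.call(lpvtbl, ptr, 4)                  # first field of a COM object is lpVtbl
    raw = 0.chr * (slot_count * 4)
    @memcpy.call(raw, lpvtbl.unpack1('L'), slot_count * 4)
    @slots = vtable_slots(raw, slot_count)
  end
  # proto/ret are win32-api letters; the interface pointer is passed as the first 'P'.
  def function(index, proto, ret = 'L')
    Win32::API::Function.new(@slots[index], proto, ret)
  end
  def query_interface(iid, slot_count)              # IUnknown::QueryInterface, slot 0
    out = 0.chr * 4
    hr = function(0, 'PPP').call(@ptr, iid, out)
    raise 'QueryInterface failed: 0x%08x' % hr if hresult_failed?(hr)
    ComObject.new(out.unpack1('L'), slot_count)
  end
  def release                                       # IUnknown::Release, slot 2
    function(2, 'P').call(@ptr)
  end
end
```

With it, Park's sequence becomes `client = ComObject.new(debug_client, 20)`, `control = client.query_interface(guid_pack('{5182e668-105e-416e-ad92-24ef800424ba}'), 94)` and `control.function(93, 'PLL')` for WaitForEvent, with `control.release` and `client.release` when done.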
On Tue, Oct 19, 2010 at 10:53 PM, Heesob Park <phasis at gmail.com> wrote:
> Because DbgEng is not a registered COM server, we cannot use WIN32OLE
> module for this case.
> And there is no easy way to do this using ruby.
>
> Anyway, here is a first trial:
>
> <snip>

Hi,

I wanted to thank you guys for giving some attention to this topic. :)

The DbgEng problem sounds similar to a situation I was in recently - I wanted to use Ruby to try out the new MS UI Automation COM client API on Win7.

This API has a lot of promise for doing UI automation tasks. But the COM object at the heart of it (CUIAutomation) does not implement IDispatch, so I found it cannot be used with Ruby WIN32OLE (and similar modules for other languages).

In the end I was able to use Python and comtypes to successfully use the UIA COM API (and incidentally, it looks like comtypes is also used by PyDbgEng).

But a pure Ruby solution would be really convenient. I was not able to get a handle on how to quickly get comtypes-like behavior in Ruby - I guess a fair amount of effort will be required to mimic comtypes.

The vtable/memcpy Ruby Win32::API code posted by Park looks like a nice first step in that direction. :)

As an alternative to a pure-Ruby solution, I found that I could instantiate and use an IUnknown COM object via a Ruby C++ extension. Ben - this might be a workaround to investigate if you absolutely have to get something working quickly.

I was able to build such an extension using both MSVC and the Ruby DevKit/MinGW. However, the MinGW solution was more painful since it required some header file tweaking, since MinGW did not yet have the UI Automation headers from the Win7 SDK. (DbgEng may not pose the same problem though.)

Thanks
Bill
This is definitely interesting. I don't know about the COM UI Automation in Win7, but as part of the Watir project, we've had to hack around this issue some leading to exactly what Bill mentions - a custom C++ DLL and some sorry hacks for win32ole.so. This is obviously a bit of a problem for switching Ruby versions, though fortunately only used to grab IE showModalDialog dialogs which is a subset of our users.

I'd be happy to contribute somehow or another, as this has been on the list of todos to get rid of for a while.

Cheers,
Charley

On Sat, Oct 23, 2010 at 1:36 PM, Bill Agee <billagee at gmail.com> wrote:
> On Tue, Oct 19, 2010 at 10:53 PM, Heesob Park <phasis at gmail.com> wrote:
>>
>> Because DbgEng is not a registered COM server, we cannot use WIN32OLE
>> module for this case.
>> And there is no easy way to do this using ruby.
>> Anyway, here is a first trial:
>
> <snip>
>
> _______________________________________________
> win32utils-devel mailing list
> win32utils-devel at rubyforge.org
> http://rubyforge.org/mailman/listinfo/win32utils-devel
>