├── README.md ├── LICENSE └── CMS.ps1 /README.md: -------------------------------------------------------------------------------- 1 | # COMMethodSearcher 2 | This is a PowerShell script that searches through all COM objects and look for any methods containing a keyword of your choosing. There's three "depths" that are possible. The first "depth" is just getting the members of the COM object. Second "depth" is getting the member's members of the COM object. The third "depth", is you guessed it, the member's member's members of the object. I figured three was enough. The first two depths complete within a few minutes, the third can take 5-8 minutes (in my experience). There's also two options of searching: By CLSID or ProgID. Not all COM Objects will have ProgIDs, but searching by CLSIDs takes almost twice as long and has caused some unexpected Powershell crashes. 3 | 4 | This has caused some weird shit to happen because it's literally instantiating every registered COM object, so use at your own risk. Because of this, this isn't supported, so if one day you log into Windows and see Microsoft Word pop up 12 times shortly after you ran this script, then don't open an issue because I warned you. Godspeed. 5 | 6 | Usage Example: .\CMS.ps1 -CLSIDs -Depth 3 -Term ExecuteShell 7 | 8 | Usage Example: .\CMS.ps1 -ProgIDs -Depth 2 -Term ExecuteShell 9 | 10 | 11 | ![Example](https://i.imgur.com/gYrtLvi.png) 12 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, Hausec 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /CMS.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | Param( 3 | [Int]$threads=20, 4 | [Parameter(Mandatory=$true)][String]$Term = $null, 5 | [Parameter(Mandatory=$false)][switch]$CLSIDs = $null, 6 | [Parameter(Mandatory=$false)][switch]$ProgIDs = $null, 7 | [Parameter(Mandatory=$true)][String]$Depth = $null) 8 | 9 | $ErrorActionPreference = 'silentlyContinue' 10 | 11 | If($ProgIDs) 12 | { 13 | $z = Get-ChildItem registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID -Recurse | Where-Object Name -match ProgID | ForEach GetValue '' 14 | $y = $z | Get-Unique 15 | $w = ForEach($x in $y){If($x -notmatch '\.1'){$x}} 16 | If($Depth -eq 1) 17 | { 18 | ForEach($v in $w) 19 | { 20 | $com = [activator]::CreateInstance([type]::GetTypeFromProgID("$v")) #Instantiate the COM Object 21 | $members = $com | Get-Member #Store all the members into a variable 22 | ForEach($member in $members) 23 | { 24 | If($member -notmatch 'Application' -and $member -notmatch 'Parent' -and $member -notmatch 'Cell' -and $member -notmatch 'Columns' -and $member -notmatch 'Rows') 25 | {If($member.TypeName -match '__') 26 | {If($member -match $Term) 27 | { 28 | Write-Host "$v.$member"}}} 29 | } 30 | } 31 | } 32 | 33 | If($Depth -eq 2) 34 | { 35 | ForEach($v in $w) 36 | { 37 | 38 | $com = [activator]::CreateInstance([type]::GetTypeFromProgID("$v")) #Instantiate the COM Object 39 | $members = $com | Get-Member #Store all the members into a variable 40 | ForEach($member in $members) 41 | { 42 | $membernames = $member.Name 43 | If($member -notmatch 'Application' -and $member -notmatch 'Parent' -and $member -notmatch 'Cell' -and $member -notmatch 'Columns' -and $member -notmatch 'Rows') 44 | { 45 | If($member.TypeName -match '__') 46 | { 47 | If($member -match $Term) 48 | { 49 | Write-Host "$v.$member" 50 | } 51 | ForEach($membername in $membernames) 52 | { 53 | $m1member = $com.$membername | gm 54 | If($m1member -notmatch 'Application' -and $m1member -notmatch 'Parent' -and $m1member -notmatch 'Cell' -and $m1member -notmatch 'Columns' -and $m1member -notmatch 'Rows') 55 | { 56 | If($m1member.TypeName -match '__') 57 | { 58 | If($m1member -match $Term) 59 | { 60 | Write-Host "$v.$membername.$m1member" 61 | } 62 | } 63 | } 64 | } 65 | } 66 | } 67 | } 68 | } 69 | } 70 | 71 | If($Depth -eq 3) 72 | { 73 | ForEach($v in $w) 74 | { 75 | 76 | $com = [activator]::CreateInstance([type]::GetTypeFromProgID("$v")) #Instantiate the COM Object 77 | $members = $com | Get-Member #Store all the members into a variable 78 | ForEach($member in $members) 79 | { 80 | 81 | If($member -notmatch 'Application' -and $member -notmatch 'Parent' -and $member -notmatch 'Cell' -and $member -notmatch 'Columns' -and $member -notmatch 'Rows') 82 | { 83 | If($member.TypeName -match '__' -and $member.TypeName -notmatch '57da806104b8') 84 | { 85 | If($member -match $Term) 86 | { 87 | Write-Host "$v.$member" 88 | } 89 | $membernames = $member.Name 90 | ForEach($membername in $membernames) 91 | { 92 | $m1members = $com.$membername | gm 93 | ForEach($m1member in $m1members) 94 | { 95 | If($m1member -notmatch 'Application' -and $m1member -notmatch 'Parent' -and $m1member -notmatch 'Cell' -and $m1member -notmatch 'Columns' -and $m1member -notmatch 'Rows') 96 | { 97 | If($m1member.TypeName -match '__') 98 | { 99 | If($m1member -match $Term) 100 | { 101 | Write-Host "$v.$membername.$m1member" 102 | } 103 | $m1membernames = $m1member.Name 104 | ForEach($m1membername in $m1membernames) 105 | { 106 | $m2members = $com.$membername.$m1membername | gm 107 | ForEach($m2member in $m2members) 108 | { 109 | If($m2member -notmatch 'Application' -and $m2member -notmatch 'Parent' -and $m2member -notmatch 'Cell' -and $m2member -notmatch 'Columns' -and $m2member -notmatch 'Rows') 110 | { 111 | If($m2member.TypeName -match '__') 112 | { 113 | If($m2member -match $Term) 114 | { 115 | Write-Host "$v.$membername.$m1membername.$m2member" 116 | } 117 | } 118 | } 119 | } 120 | } 121 | } 122 | } 123 | } 124 | } 125 | } 126 | } 127 | } 128 | } 129 | } 130 | } 131 | 132 | If($CLSIDs) 133 | { 134 | $z = Get-ChildItem registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID 135 | $y = $z | Get-Unique 136 | 137 | If($Depth -eq 0) 138 | { 139 | ForEach($v in $y) 140 | {#Start-Sleep -Milliseconds 100 141 | $v} 142 | } 143 | 144 | If($Depth -eq 1) 145 | { 146 | ForEach($v in $y) 147 | { 148 | $key = $v.Name 149 | $CLSID = $key.Split("{}")[1] | Get-Unique 150 | $t = Get-ChildItem "registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{$CLSID}" 151 | if($t -match "LocalServer32") 152 | { 153 | $o = Get-ChildItem "registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{$CLSID}" | Where-Object Name -match ProgID | ForEach GetValue '' 154 | $w = ForEach($x in $y){If($x -notmatch '\.1'){$x}} 155 | $com = [activator]::CreateInstance([type]::GetTypeFromCLSID("$CLSID")) #Instantiate the COM Object 156 | $members = $com | Get-Member #Store all the members into a variable 157 | ForEach($member in $members) 158 | { 159 | If($member.TypeName -match '__') 160 | { 161 | If($member -match $Term) 162 | { 163 | Write-Host "ProgID: " $o 164 | $CLSID.$member 165 | } 166 | } 167 | } 168 | } 169 | } 170 | } 171 | 172 | If($Depth -eq 2) 173 | { 174 | ForEach($v in $y) 175 | { 176 | $key = $v.Name 177 | $CLSID = $key.Split("{}")[1] | Get-Unique 178 | $o = Get-ChildItem "registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{$CLSID}" | Where-Object Name -match ProgID | ForEach GetValue '' 179 | $t = Get-ChildItem "registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{$CLSID}" 180 | if($t -match "LocalServer32") 181 | { 182 | $com = [activator]::CreateInstance([type]::GetTypeFromCLSID("$CLSID")) #Instantiate the COM Object 183 | $members = $com | Get-Member #Store all the members into a variable 184 | ForEach($member in $members) 185 | { 186 | $membernames = $member.Name 187 | If($member -notmatch 'Application' -and $member -notmatch 'Parent' -and $member -notmatch 'Cell' -and $member -notmatch 'Columns' -and $member -notmatch 'Rows') 188 | { 189 | If($member.TypeName -match '__') 190 | { 191 | If($member -match $Term) 192 | { 193 | Write-Host "ProgID: $o" 194 | "$CLSID.$member" 195 | } 196 | ForEach($membername in $membernames) 197 | { 198 | $m1member = $com.$membername | gm 199 | If($m1member -notmatch 'Application' -and $m1member -notmatch 'Parent' -and $m1member -notmatch 'Cell' -and $m1member -notmatch 'Columns' -and $m1member -notmatch 'Rows') 200 | { 201 | If($m1member.TypeName -match '__') 202 | { 203 | If($m1member -match $Term) 204 | { 205 | Write-Host "ProgID: $o" 206 | "$CLSID.$member.$m1member" 207 | 208 | } 209 | } 210 | } 211 | } 212 | } 213 | } 214 | } 215 | } 216 | } 217 | } 218 | 219 | If($Depth -eq 3) 220 | { 221 | ForEach($v in $y) 222 | { 223 | $key = $v.Name 224 | $CLSID = $key.Split("{}")[1] | Get-Unique 225 | $t = Get-ChildItem "registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{$CLSID}" 226 | if($t -match "LocalServer32") 227 | { 228 | $o = Get-ChildItem "registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{$CLSID}" | Where-Object Name -match ProgID | ForEach GetValue '' 229 | $com = [activator]::CreateInstance([type]::GetTypeFromCLSID("$CLSID")) #Instantiate the COM Object 230 | $members = $com | Get-Member #Store all the members into a variable 231 | ForEach($member in $members) 232 | { 233 | If($member -notmatch 'Parent' -and $member -notmatch 'Cell' -and $member -notmatch 'Columns' -and $member -notmatch 'Rows') 234 | { 235 | If($member.TypeName -match '__' -and $member.TypeName -notmatch '57da806104b8') 236 | { 237 | If($member -match $Term) 238 | { 239 | Write-Host "ProgID: $o" 240 | "$CLSID.$member" 241 | } 242 | $membernames = $member.Name 243 | ForEach($membername in $membernames) 244 | { 245 | $m1members = $com.$membername | gm 246 | ForEach($m1member in $m1members) 247 | { 248 | If($m1member -notmatch 'Parent' -and $m1member -notmatch 'Cell' -and $m1member -notmatch 'Columns' -and $m1member -notmatch 'Rows') 249 | { 250 | If($m1member.TypeName -match '__') 251 | { 252 | If($m1member -match $Term) 253 | { 254 | Write-Host "ProgID: $o" 255 | "$CLSID.$member.$m1member" 256 | } 257 | $m1membernames = $m1member.Name 258 | ForEach($m1membername in $m1membernames) 259 | { 260 | $m2members = $com.$membername.$m1membername | gm 261 | ForEach($m2member in $m2members) 262 | { 263 | If($m2member -notmatch 'Parent' -and $m2member -notmatch 'Cell' -and $m2member -notmatch 'Columns' -and $m2member -notmatch 'Rows') 264 | { 265 | If($m2member.TypeName -match '__') 266 | { 267 | If($m2member -match $Term) 268 | { 269 | Write-Host "ProgID: $o" 270 | "$CLSID.$member.$m1member.$m2member" 271 | } 272 | } 273 | } 274 | } 275 | } 276 | } 277 | } 278 | } 279 | } 280 | } 281 | } 282 | } 283 | } 284 | } 285 | } 286 | } 287 | --------------------------------------------------------------------------------