Skip to content

Commit

Permalink
Use COM instead of bytes features (#864)
Browse files Browse the repository at this point in the history 
* use com instead of byte features
  • Loading branch information
@mr-tz
mr-tz authored Dec 18, 2023
1 parent eecc7e8 commit 047b4c2
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions host-interaction/hardware/enumerate-devices-by-category.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,10 @@ rule:
features:
- and:
- and:
- bytes: 10 5D BE 62 EB 60 D0 11 BD 3B 00 A0 C9 11 CE 86 = SystemDeviceEnum
- bytes: 22 08 84 29 84 5B D0 11 BD 3B 00 A0 C9 11 CE 86 = ICreateDevEnum
- com/class: SystemDeviceEnum # 10 5D BE 62 EB 60 D0 11 BD 3B 00 A0 C9 11 CE 86 = SystemDeviceEnum
- com/interface: ICreateDevEnum # 22 08 84 29 84 5B D0 11 BD 3B 00 A0 C9 11 CE 86 = ICreateDevEnum
- offset: 0xC = ICreateDevEnumVtbl.CreateClassEnumerator
- optional:
- description: class identifier (CLSID) of the device category
- bytes: 10 B3 0B 86 01 5D D0 11 BD 3B 00 A0 C9 11 CE 86 = CVidCapClassManager
- bytes: 62 A7 D9 33 C8 90 D0 11 BD 43 00 A0 C9 11 CE 86 = CWaveinClassManager
- com/class: CVidCapClassManager # 10 B3 0B 86 01 5D D0 11 BD 3B 00 A0 C9 11 CE 86 = CVidCapClassManager
- com/class: CWaveinClassManager # 62 A7 D9 33 C8 90 D0 11 BD 43 00 A0 C9 11 CE 86 = CWaveinClassManager
4 changes: 2 additions & 2 deletions host-interaction/wmi/connect-to-wmi-namespace-via-wbemlocator.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ rule:
- basic block:
- and:
- api: ole32.CoCreateInstance
- bytes: 11 F8 90 45 3A 1D D0 11 89 1F 00 AA 00 4B 2E 24 = CLSID_WbemLocator
- bytes: 87 A6 12 DC 7F 73 CF 11 88 4D 00 AA 00 4B 2E 24 = IID_IWbemLocator
- com/class: WbemLocator # 11 F8 90 45 3A 1D D0 11 89 1F 00 AA 00 4B 2E 24 = CLSID_WbemLocator
- com/interface: IWbemLocator # 87 A6 12 DC 7F 73 CF 11 88 4D 00 AA 00 4B 2E 24 = IID_IWbemLocator
- or:
- and:
- arch: i386
Expand Down

0 comments on commit 047b4c2

Please sign in to comment.