Difference between revisions of "Typelib"

From SpybotWiki
Jump to: navigation, search
(added info box)
m (Usage: fixed var names)
 
(One intermediate revision by the same user not shown)
Line 12: Line 12:
  
 
==Usage==
 
==Usage==
  Typelib:<typelib name(string)>[,advanced build parameters]
+
  Typelib:<name(string)>[,advanced build parameters]
  
 
===Examples===
 
===Examples===
  Typelib:"bdeplay 1.0 Type Library"
+
  Typelib:"MyMalware 1.0 Type Library"
  
 
This will detect the following registry key:
 
This will detect the following registry key:
  [HKEY_CLASSES_ROOT\TypeLib\{51958166-D5E3-11D1-AA42-0000E842E40A}]
+
  [HKEY_CLASSES_ROOT\TypeLib\{77777777-4321-1234-AAAA-0000BBBBBBBB}]
  [HKEY_CLASSES_ROOT\TypeLib\{51958166-D5E3-11D1-AA42-0000E842E40A}\1.0]
+
  [HKEY_CLASSES_ROOT\TypeLib\{77777777-4321-1234-AAAA-0000BBBBBBBB}\1.0]
  @="bdeplay 1.0 Type Library"
+
  @="MyMalware 1.0 Type Library"
  
 
===Description===
 
===Description===

Latest revision as of 16:44, 22 February 2008

Typelib
Group Registry
Main Application Version 1.3 or later
Required Update n/a
File Parameters no
Registry Parameters no
Build Parameters yes (second)
Special Parameters no

Searches the registry for a typelib with the given name.

Usage

Typelib:<name(string)>[,advanced build parameters]

Examples

Typelib:"MyMalware 1.0 Type Library"

This will detect the following registry key:

[HKEY_CLASSES_ROOT\TypeLib\{77777777-4321-1234-AAAA-0000BBBBBBBB}]
[HKEY_CLASSES_ROOT\TypeLib\{77777777-4321-1234-AAAA-0000BBBBBBBB}\1.0]
@="MyMalware 1.0 Type Library"

Description

Detects COM type libraries.

  1. The first parameter has to be the name of the type library.
  2. The second, optional, parameter allows you to specify advanced build parameters.

Unless you're looking at random GUIDs, it is recommended that you use RegyKey, possible along with advanced registry parameters to do the name check.

Scan Results

  • The identified type library registry keys.

See also

Similar commands