williballenthin
commented
6 years ago following ProjectData2 is an array of three objects:
.text:00424494 dd offset some_struct
.text:00424498 dd offset lpGUID_of_Timer1
.text:0042449C dd offset pNull0
.text:004244A0 dd offset some_struct
.text:004244A4 dd offset lpGUID_of_didList
.text:004244A8 dd offset pNull1
.text:004244AC dd offset some_struct
.text:004244B0 dd offset lpGUID_of_Form
.text:004244B4 dd offset pNull2following some_struct:
.text:0041C474 some_struct dd offset some_guid ; DATA XREF: .text:00424494↓o
.text:0041C474 ; .text:004244A0↓o ...
.text:0041C478 dd 0
.text:0041C47C dd 6
.text:0041C480 dd 9
.text:0041C484 dd offset aCProgramFilesX ; "C:\\Program Files (x86)\\Microsoft Visu"...
.text:0041C488 dd offset aVB ; "VB"
.text:0041C48C dd offset pNull3
.text:0041C490 dd 0
.text:0041C494 dd 0
.text:0041C498 dd 7EB040hwe can blindly follow these pointers to pull out the OLB path, but that doesn't seem very responsible. some questions immediately pop into mind:
- are there always three of these structs? what do they mean?
- what are the other fields of the
some_struct? - etc.
found in test binary strings: