Developers typically use meaningful names for ActiveX methods, and it

A common use to which ActiveX controls are put is as a client-side control to

verify that the client computer complies with specific security standards before

access is granted to certain server-side functionality. For example, in an attempt

to mitigate against keylogging attacks, an online banking application may

install a control that checks for the presence of a virus scanner, and the operat-

ing system patch level, before permitting a user to log in to the application.

If you need to circumvent this type of client-side control, it is usually easy to

do. The ActiveX control will typically read various details from the local com-

puter’s file system and registry as input data for its checks. You can monitor

the information being read and feed arbitrary inputs into the control that com-

ply with its security checks.

The Filemon and Regmon tools originally developed by Sysinternals (and

now owned by Microsoft) enable you to monitor all of a process’s interaction

with the computer’s file system and registry. You can filter the tools’ output to

display only the activity of the process you are interested in. When an ActiveX

control is performing security checks on the client computer, you will typically

see it querying security-relevant files and registry keys, such as items created

by antivirus products, as shown in Figure 5-8.

Figure 5-8:  Regmon being used to capture the registry access carried 

out by an ActiveX control

In this situation, it is usually sufficient to manually create the relevant file or

registry key, to convince the control that the corresponding software is installed.

If for some reason you do not wish to interfere with the actual operating system,