.just a small video, which shows how to reconstruct the COM code of a malware function which dumps the windows protected storage.
http://www.reconstructer.org/papers/Practical%20COM%20code%20reconstruction.swf
and the vtables.py script, which adds all known vtables from the ms psdk 2003-r2 to an idb file.
http://www.reconstructer.org/code/VtablesStructuresFromPSDK2003R2.zip
maybe some people will find it useful.
cheers,
frank
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}