From 26b433902f143b04b86e4ec890d67a928c34dac9 Mon Sep 17 00:00:00 2001
From: decalage2
Date: Tue, 9 Oct 2018 21:34:49 +0200
Subject: [PATCH] olevba: backspace characters are displayed in red using colorclass (issue #358)
---
 oletools/olevba.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/oletools/olevba.py b/oletools/olevba.py
index d47891d..501eca9 100644
--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -279,6 +279,12 @@ except ImportError:
 + "see http://codespeak.net/lxml " \
 + "or http://effbot.org/zone/element-index.htm")
+import colorclass
+
+# On Windows, colorclass needs to be enabled:
+if os.name == 'nt':
+ colorclass.Windows.enable(auto_colors=True)
+
 # IMPORTANT: it should be possible to run oletools directly as scripts
 # in any directory without installing them with pip or setup.py.
@@ -3236,8 +3242,13 @@ class VBA_Parser_CLI(VBA_Parser):
 # check if the VBA code contains special characters such as backspace (issue #358)
 if b'\x08' in vba_code_filtered:
 log.warning('The VBA code contains special characters such as backspace, that may be used for obfuscation.')
+ if sys.stdout.isatty():
+ # if the standard output is the console, we'll display colors
+ backspace = colorclass.Color(b'{autored}\\x08{/red}')
+ else:
+ backspace = b'\\x08'
 # replace backspace by "\x08" for display
- vba_code_filtered = vba_code_filtered.replace(b'\x08', b'\\x08')
+ vba_code_filtered = vba_code_filtered.replace(b'\x08', backspace)
 print(vba_code_filtered)
 for (subfilename, stream_path, form_string) in self.extract_form_strings():
 print('-' * 79)
--
libgit2 0.21.4
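Review bot: `import colorclass` in the first hunk is unconditional at module level, so olevba cannot even be imported where that package is missing. The diffstat shows only olevba.py changed, so no dependency declaration comes with this commit, and the context comment just below says the tools must run as scripts without installation. Colour is cosmetic here, so a guarded import with a plain-text fallback fits better. `colorclass.Windows.enable(auto_colors=True)` also runs as an import-time side effect for anyone using olevba as a library; it may belong in the CLI entry point instead. With the fallback below, the tty branch in the second hunk would also need to test `colorclass is not None`.

```python
try:
    import colorclass
except ImportError:
    # colour is optional: fall back to plain "\x08" markers
    colorclass = None

# On Windows, colorclass needs to be enabled:
if colorclass is not None and os.name == 'nt':
    colorclass.Windows.enable(auto_colors=True)
```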
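Review bot: In the tty branch of the second hunk, `backspace` becomes a `colorclass.Color`, which as far as I know is a text-string subclass, while `vba_code_filtered` is bytes (see the `b'\x08' in` test), so the `replace()` call mixes types. On Python 3 that fails outright, and on Python 2 it forces an implicit ASCII decode that can raise on macros containing non-ASCII bytes. Keeping the marker in the same type avoids this, e.g. `backspace = colorclass.Color('{autored}\\x08{/red}').encode('ascii')`. Separately, only `\x08` is escaped here; if earlier filtering (not visible in this hunk) does not already neutralise other control bytes such as ESC or a bare carriage return, they can still change what an analyst sees on a terminal, so a comment stating what `vba_code_filtered` guarantees would help. The enclosing method starts and ends outside the hunk.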