diff --git a/oletools/thirdparty/olefile/LICENSE.txt b/oletools/thirdparty/olefile/LICENSE.txt
index 3d35c72..418c1da 100644
--- a/oletools/thirdparty/olefile/LICENSE.txt
+++ b/oletools/thirdparty/olefile/LICENSE.txt
@@ -1,6 +1,6 @@
LICENSE for the olefile package:
-olefile (formerly OleFileIO_PL) is copyright (c) 2005-2014 Philippe Lagadec
+olefile (formerly OleFileIO_PL) is copyright (c) 2005-2015 Philippe Lagadec
(http://www.decalage.info)
All rights reserved.
diff --git a/oletools/thirdparty/olefile/README.html b/oletools/thirdparty/olefile/README.html
index 427397f..65b590d 100644
--- a/oletools/thirdparty/olefile/README.html
+++ b/oletools/thirdparty/olefile/README.html
@@ -8,25 +8,21 @@
-olefile is a Python package to parse, read and write [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)] (http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
+olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
Quick links: Home page - Download/Install - Documentation - Report Issues/Suggestions/Questions - Contact the author - Repository - Updates on Twitter
-olefile is based on the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.
-As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)
-Since 2014 olefile/OleFileIO_PL has been integrated into Pillow, the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
-olefile can be used as an independent module or with PIL/Pillow.
-olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my [python-oletools] (http://www.decalage.info/python/oletools), which are built upon olefile and provide a higher-level interface.
News
Follow all updates and news on Twitter: https://twitter.com/decalage2
-- 2014-11-25 v0.41: OleFileIO.open and isOleFile now support OLE files stored in byte strings, fixed installer for python 3, added support for Jython (Niko Ehrenfeuchter)
+- 2015-01-25 v0.42: improved handling of special characters in stream/storage names on Python 2.x (using UTF-8 instead of Latin-1), fixed bug in listdir with empty storages.
+- 2014-11-25 v0.41: OleFileIO.open and isOleFile now support OLE files stored in byte strings, fixed installer for python 3, added support for Jython (Niko Ehrenfeuchter)
- 2014-10-01 v0.40: renamed OleFileIO_PL to olefile, added initial write support for streams >4K, updated doc and license, improved the setup script.
- 2014-07-27 v0.31: fixed support for large files with 4K sectors, thanks to Niko Ehrenfeuchter, Martijn Berger and Dave Jones. Added test scripts from Pillow (by hugovk). Fixed setup for Python 3 (Martin Panter)
- 2014-02-04 v0.30: now compatible with Python 3.x, thanks to Martin Panter who did most of the hard work.
- 2013-07-24 v0.26: added methods to parse stream/storage timestamps, improved listdir to include storages, fixed parsing of direntry timestamps
-- 2013-05-27 v0.25: improved metadata extraction, properties parsing and exception handling, fixed [issue #12] (https://bitbucket.org/decalage/olefileio_pl/issue/12/error-when-converting-timestamps-in-ole)
+- 2013-05-27 v0.25: improved metadata extraction, properties parsing and exception handling, fixed issue #12
- 2013-05-07 v0.24: new features to extract metadata (get_metadata method and OleMetadata class), improved getproperties to convert timestamps to Python datetime
- 2012-10-09: published python-oletools, a package of analysis tools based on OleFileIO_PL
-- 2012-09-11 v0.23: added support for file-like objects, fixed [issue #8] (https://bitbucket.org/decalage/olefileio_pl/issue/8/bug-with-file-object)
+- 2012-09-11 v0.23: added support for file-like objects, fixed issue #8
- 2012-02-17 v0.22: fixed issues #7 (bug in getproperties) and #2 (added close method)
- 2011-10-20: code hosted on bitbucket to ease contributions and bug tracking
- 2010-01-24 v0.21: fixed support for big-endian CPUs, such as PowerPC Macs.
@@ -35,7 +31,9 @@
- see changelog in source code for more info.
Download/Install
-If you have pip or setuptools installed, you may simply run "pip install olefile" or "easy_install olefile". Otherwise, see https://bitbucket.org/decalage/olefileio_pl/wiki/Install
+If you have pip or setuptools installed (pip is included in Python 2.7.9+), you may simply run pip install olefile or easy_install olefile for the first installation.
+To update olefile, run pip install -U olefile.
+Otherwise, see https://bitbucket.org/decalage/olefileio_pl/wiki/Install
Features
- Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls, PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss AxioVision ZVI files, Olympus FluoView OIB files, etc
@@ -44,6 +42,12 @@
- Parse and read property streams, containing metadata of the file
- Portable, pure Python module, no dependency
+olefile can be used as an independent package or with PIL/Pillow.
+olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my python-oletools, which are built upon olefile and provide a higher-level interface.
+History
+olefile is based on the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.
+As far as I know, olefile is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)
+Since 2014 olefile/OleFileIO_PL has been integrated into Pillow, the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
Main improvements over the original version of OleFileIO in PIL:
- Compatible with Python 3.x and 2.6+
@@ -60,12 +64,12 @@
- Write features
Documentation
-Please see the online documentation for more information, especially the OLE overview and the [API page] (https://bitbucket.org/decalage/olefileio_pl/wiki/API) which describe how to use olefile in Python applications. A copy of the same documentation is also provided in the doc subfolder of the olefile package.
+Please see the online documentation for more information, especially the OLE overview and the API page which describe how to use olefile in Python applications. A copy of the same documentation is also provided in the doc subfolder of the olefile package.
Real-life examples
-A real-life example: [using OleFileIO_PL for malware analysis and forensics] (http://blog.gregback.net/2011/03/using-remnux-for-forensic-puzzle-6/).
+A real-life example: using OleFileIO_PL for malware analysis and forensics.
See also this paper about python tools for forensics, which features olefile.
License
-olefile (formerly OleFileIO_PL) is copyright (c) 2005-2014 Philippe Lagadec (http://www.decalage.info)
+olefile (formerly OleFileIO_PL) is copyright (c) 2005-2015 Philippe Lagadec (http://www.decalage.info)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
diff --git a/oletools/thirdparty/olefile/README.rst b/oletools/thirdparty/olefile/README.rst
index b3f72dd..e37a110 100644
--- a/oletools/thirdparty/olefile/README.rst
+++ b/oletools/thirdparty/olefile/README.rst
@@ -1,14 +1,14 @@
olefile (formerly OleFileIO\_PL)
================================
-`olefile `_ is a Python
-package to parse, read and write [Microsoft OLE2 files (also called
-Structured Storage, Compound File Binary Format or Compound Document
-File Format)]
-(http://en.wikipedia.org/wiki/Compound\_File\_Binary\_Format), such as
-Microsoft Office 97-2003 documents, Image Composer and FlashPix files,
-Outlook messages, StickyNotes, several Microscopy file formats, McAfee
-antivirus quarantine files, etc.
+`olefile `_ is a Python package to
+parse, read and write `Microsoft OLE2
+files `_ (also
+called Structured Storage, Compound File Binary Format or Compound
+Document File Format), such as Microsoft Office 97-2003 documents,
+vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix
+files, Outlook messages, StickyNotes, several Microscopy file formats,
+McAfee antivirus quarantine files, etc.
**Quick links:** `Home page `_ -
`Download/Install `_
@@ -19,40 +19,17 @@ Issues/Suggestions/Questions `_ - `Updates
on Twitter `_
-olefile is based on the OleFileIO module from
-`PIL `_, the excellent
-Python Imaging Library, created and maintained by Fredrik Lundh. The
-olefile API is still compatible with PIL, but since 2005 I have improved
-the internal implementation significantly, with new features, bugfixes
-and a more robust design. From 2005 to 2014 the project was called
-OleFileIO\_PL, and in 2014 I changed its name to olefile to celebrate
-its 9 years and its new write features.
-
-As far as I know, this module is the most complete and robust Python
-implementation to read MS OLE2 files, portable on several operating
-systems. (please tell me if you know other similar Python modules)
-
-Since 2014 olefile/OleFileIO\_PL has been integrated into
-`Pillow `_, the friendly fork of PIL.
-olefile will continue to be improved as a separate project, and new
-versions will be merged into Pillow regularly.
-
-olefile can be used as an independent module or with PIL/Pillow.
-
-olefile is mostly meant for developers. If you are looking for tools to
-analyze OLE files or to extract data (especially for security purposes
-such as malware analysis and forensics), then please also check my
-[python-oletools] (http://www.decalage.info/python/oletools), which are
-built upon olefile and provide a higher-level interface.
-
News
----
Follow all updates and news on Twitter: https://twitter.com/decalage2
-- **2014-11-25 v0.41**: OleFileIO.open and isOleFile now support OLE
- files stored in byte strings, fixed installer for python 3, added
- support for Jython (Niko Ehrenfeuchter)
+- **2015-01-25 v0.42**: improved handling of special characters in
+ stream/storage names on Python 2.x (using UTF-8 instead of Latin-1),
+ fixed bug in listdir with empty storages.
+- 2014-11-25 v0.41: OleFileIO.open and isOleFile now support OLE files
+ stored in byte strings, fixed installer for python 3, added support
+ for Jython (Niko Ehrenfeuchter)
- 2014-10-01 v0.40: renamed OleFileIO\_PL to olefile, added initial
write support for streams >4K, updated doc and license, improved the
setup script.
@@ -66,17 +43,16 @@ Follow all updates and news on Twitter: https://twitter.com/decalage2
improved listdir to include storages, fixed parsing of direntry
timestamps
- 2013-05-27 v0.25: improved metadata extraction, properties parsing
- and exception handling, fixed [issue #12]
- (https://bitbucket.org/decalage/olefileio\_pl/issue/12/error-when-converting-timestamps-in-ole)
+ and exception handling, fixed `issue
+ #12 `_
- 2013-05-07 v0.24: new features to extract metadata (get\_metadata
method and OleMetadata class), improved getproperties to convert
timestamps to Python datetime
- 2012-10-09: published
`python-oletools `_, a
package of analysis tools based on OleFileIO\_PL
-- 2012-09-11 v0.23: added support for file-like objects, fixed [issue
- #8]
- (https://bitbucket.org/decalage/olefileio\_pl/issue/8/bug-with-file-object)
+- 2012-09-11 v0.23: added support for file-like objects, fixed `issue
+ #8 `_
- 2012-02-17 v0.22: fixed issues #7 (bug in getproperties) and #2
(added close method)
- 2011-10-20: code hosted on bitbucket to ease contributions and bug
@@ -92,9 +68,13 @@ Follow all updates and news on Twitter: https://twitter.com/decalage2
Download/Install
----------------
-If you have pip or setuptools installed, you may simply run "**pip
-install olefile**\ " or "**easy\_install olefile**\ ". Otherwise, see
-https://bitbucket.org/decalage/olefileio\_pl/wiki/Install
+If you have pip or setuptools installed (pip is included in Python
+2.7.9+), you may simply run **pip install olefile** or **easy\_install
+olefile** for the first installation.
+
+To update olefile, run **pip install -U olefile**.
+
+Otherwise, see https://bitbucket.org/decalage/olefileio\_pl/wiki/Install
Features
--------
@@ -109,6 +89,35 @@ Features
- Parse and read property streams, containing metadata of the file
- Portable, pure Python module, no dependency
+olefile can be used as an independent package or with PIL/Pillow.
+
+olefile is mostly meant for developers. If you are looking for tools to
+analyze OLE files or to extract data (especially for security purposes
+such as malware analysis and forensics), then please also check my
+`python-oletools `_, which are
+built upon olefile and provide a higher-level interface.
+
+History
+-------
+
+olefile is based on the OleFileIO module from
+`PIL `_, the excellent
+Python Imaging Library, created and maintained by Fredrik Lundh. The
+olefile API is still compatible with PIL, but since 2005 I have improved
+the internal implementation significantly, with new features, bugfixes
+and a more robust design. From 2005 to 2014 the project was called
+OleFileIO\_PL, and in 2014 I changed its name to olefile to celebrate
+its 9 years and its new write features.
+
+As far as I know, olefile is the most complete and robust Python
+implementation to read MS OLE2 files, portable on several operating
+systems. (please tell me if you know other similar Python modules)
+
+Since 2014 olefile/OleFileIO\_PL has been integrated into
+`Pillow `_, the friendly fork of PIL.
+olefile will continue to be improved as a separate project, and new
+versions will be merged into Pillow regularly.
+
Main improvements over the original version of OleFileIO in PIL:
----------------------------------------------------------------
@@ -134,18 +143,17 @@ Please see the `online
documentation `_ for
more information, especially the `OLE
overview `_
-and the [API page]
-(https://bitbucket.org/decalage/olefileio\_pl/wiki/API) which describe
-how to use olefile in Python applications. A copy of the same
+and the `API
+page `_ which
+describe how to use olefile in Python applications. A copy of the same
documentation is also provided in the doc subfolder of the olefile
package.
Real-life examples
------------------
-A real-life example: [using OleFileIO\_PL for malware analysis and
-forensics]
-(http://blog.gregback.net/2011/03/using-remnux-for-forensic-puzzle-6/).
+A real-life example: `using OleFileIO\_PL for malware analysis and
+forensics `_.
See also `this
paper `_
@@ -154,7 +162,7 @@ about python tools for forensics, which features olefile.
License
-------
-olefile (formerly OleFileIO\_PL) is copyright (c) 2005-2014 Philippe
+olefile (formerly OleFileIO\_PL) is copyright (c) 2005-2015 Philippe
Lagadec (`http://www.decalage.info `_)
All rights reserved.
diff --git a/oletools/thirdparty/olefile/__init__.py b/oletools/thirdparty/olefile/__init__.py
index d9310e0..a0c3512 100644
--- a/oletools/thirdparty/olefile/__init__.py
+++ b/oletools/thirdparty/olefile/__init__.py
@@ -10,7 +10,7 @@ This version is compatible with Python 2.6+ and 3.x
Project website: http://www.decalage.info/olefile
-olefile is copyright (c) 2005-2014 Philippe Lagadec (http://www.decalage.info)
+olefile is copyright (c) 2005-2015 Philippe Lagadec (http://www.decalage.info)
olefile is based on the OleFileIO module from the PIL library v1.1.6
See: http://www.pythonware.com/products/pil/index.htm
diff --git a/oletools/thirdparty/olefile/doc/API.html b/oletools/thirdparty/olefile/doc/API.html
index 79eb8dc..633755e 100644
--- a/oletools/thirdparty/olefile/doc/API.html
+++ b/oletools/thirdparty/olefile/doc/API.html
@@ -56,16 +56,22 @@ else:
ole = olefile.OleFileIO('test.doc', write_mode=True)
(new in v0.40)
The code for write features is new and it has not been thoroughly tested yet. See issue #6 for the roadmap and the implementation status. If you encounter any issue, please send me your feedback or report issues.
-Syntax for stream and storage path
+Syntax for stream and storage paths
Two different syntaxes are allowed for methods that need or return the path of streams and storages:
Either a list of strings including all the storages from the root up to the stream/storage name. For example a stream called "WordDocument" at the root will have ['WordDocument'] as full path. A stream called "ThisDocument" located in the storage "Macros/VBA" will be ['Macros', 'VBA', 'ThisDocument']. This is the original syntax from PIL. While hard to read and not very convenient, this syntax works in all cases.
Or a single string with slashes to separate storage and stream names (similar to the Unix path syntax). The previous examples would be 'WordDocument' and 'Macros/VBA/ThisDocument'. This syntax is easier, but may fail if a stream or storage name contains a slash. (new in v0.15)
Or a single string with slashes to separate storage and stream names (similar to the Unix path syntax). The previous examples would be 'WordDocument' and 'Macros/VBA/ThisDocument'. This syntax is easier, but may fail if a stream or storage name contains a slash (which is normally not allowed, according to the Microsoft specifications [MS-CFB]). (new in v0.15)
Both are case-insensitive.
Switching between the two is easy:
slash_path = '/'.join(list_path)
list_path = slash_path.split('/')
+Encoding:
+
+- Stream and Storage names are stored in Unicode format in OLE files, which means they may contain special characters (e.g. Greek, Cyrillic, Japanese, etc) that applications must support to avoid exceptions.
+- On Python 2.x, all stream and storage paths are handled by olefile in bytes strings, using the UTF-8 encoding by default. If you need to use Unicode instead, add the option path_encoding=None when creating the OleFileIO object. This is new in v0.42. Olefile was using the Latin-1 encoding until v0.41, therefore special characters were not supported.
+- On Python 3.x, all stream and storage paths are handled by olefile in unicode strings, without encoding.
+
Get the list of streams
listdir() returns a list of all the streams contained in the OLE file, including those stored in storages. Each stream is listed itself as a list, as described above.
print(ole.listdir())
diff --git a/oletools/thirdparty/olefile/doc/API.md b/oletools/thirdparty/olefile/doc/API.md
index 169ad6a..e4a9667 100644
--- a/oletools/thirdparty/olefile/doc/API.md
+++ b/oletools/thirdparty/olefile/doc/API.md
@@ -112,13 +112,18 @@ Before using the write features, the OLE file must be opened in read/write mode:
The code for write features is new and it has not been thoroughly tested yet. See [issue #6](https://bitbucket.org/decalage/olefileio_pl/issue/6/improve-olefileio_pl-to-write-ole-files) for the roadmap and the implementation status. If you encounter any issue, please send me your [feedback](http://www.decalage.info/en/contact) or [report issues](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open).
-## Syntax for stream and storage path
+## Syntax for stream and storage paths
Two different syntaxes are allowed for methods that need or return the path of streams and storages:
-1) Either a **list of strings** including all the storages from the root up to the stream/storage name. For example a stream called "WordDocument" at the root will have ['WordDocument'] as full path. A stream called "ThisDocument" located in the storage "Macros/VBA" will be ['Macros', 'VBA', 'ThisDocument']. This is the original syntax from PIL. While hard to read and not very convenient, this syntax works in all cases.
+1) Either a **list of strings** including all the storages from the root up to the stream/storage name. For example a
+stream called "WordDocument" at the root will have ['WordDocument'] as full path. A stream called "ThisDocument"
+located in the storage "Macros/VBA" will be ['Macros', 'VBA', 'ThisDocument']. This is the original syntax from PIL.
+While hard to read and not very convenient, this syntax works in all cases.
-2) Or a **single string with slashes** to separate storage and stream names (similar to the Unix path syntax). The previous examples would be 'WordDocument' and 'Macros/VBA/ThisDocument'. This syntax is easier, but may fail if a stream or storage name contains a slash. (new in v0.15)
+2) Or a **single string with slashes** to separate storage and stream names (similar to the Unix path syntax).
+The previous examples would be 'WordDocument' and 'Macros/VBA/ThisDocument'. This syntax is easier, but may fail if a
+stream or storage name contains a slash (which is normally not allowed, according to the Microsoft specifications [MS-CFB]). (new in v0.15)
Both are case-insensitive.
@@ -128,10 +133,20 @@ Switching between the two is easy:
slash_path = '/'.join(list_path)
list_path = slash_path.split('/')
+**Encoding**:
+
+- Stream and Storage names are stored in Unicode format in OLE files, which means they may contain special characters
+ (e.g. Greek, Cyrillic, Japanese, etc) that applications must support to avoid exceptions.
+- **On Python 2.x**, all stream and storage paths are handled by olefile in bytes strings, using the **UTF-8 encoding**
+ by default. If you need to use Unicode instead, add the option **path_encoding=None** when creating the OleFileIO
+ object. This is new in v0.42. Olefile was using the Latin-1 encoding until v0.41, therefore special characters were
+ not supported.
+- **On Python 3.x**, all stream and storage paths are handled by olefile in unicode strings, without encoding.
## Get the list of streams
-listdir() returns a list of all the streams contained in the OLE file, including those stored in storages. Each stream is listed itself as a list, as described above.
+listdir() returns a list of all the streams contained in the OLE file, including those stored in storages.
+Each stream is listed itself as a list, as described above.
:::python
print(ole.listdir())
diff --git a/oletools/thirdparty/olefile/doc/Home.html b/oletools/thirdparty/olefile/doc/Home.html
index 1b56107..57e734d 100644
--- a/oletools/thirdparty/olefile/doc/Home.html
+++ b/oletools/thirdparty/olefile/doc/Home.html
@@ -7,16 +7,18 @@
-olefile v0.41 documentation
+olefile v0.42 documentation
This is the home page of the documentation for olefile. The latest version can be found online, otherwise a copy is provided in the doc subfolder of the package.
-olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
+olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
Quick links: Home page - Download/Install - Documentation - Report Issues/Suggestions/Questions - Contact the author - Repository - Updates on Twitter
-History
-olefile is based on the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.
-As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)
-Since 2014 olefile/OleFileIO_PL has been integrated into Pillow, the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
-olefile can be used as an independent module or with PIL/Pillow.
-olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my python-oletools, which are built upon olefile and provide a higher-level interface.
+Documentation pages
+
Features
- Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls, PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss AxioVision ZVI files, Olympus FluoView OIB files, etc
@@ -25,6 +27,12 @@
- Parse and read property streams, containing metadata of the file
- Portable, pure Python module, no dependency
+olefile can be used as an independent module or with PIL/Pillow.
+olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my python-oletools, which are built upon olefile and provide a higher-level interface.
+History
+olefile is based on the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.
+As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)
+Since 2014 olefile/OleFileIO_PL has been integrated into Pillow, the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
Main improvements over the original version of OleFileIO in PIL:
- Compatible with Python 3.x and 2.6+
diff --git a/oletools/thirdparty/olefile/doc/Home.md b/oletools/thirdparty/olefile/doc/Home.md
index 2fc72ca..4f22e55 100644
--- a/oletools/thirdparty/olefile/doc/Home.md
+++ b/oletools/thirdparty/olefile/doc/Home.md
@@ -1,35 +1,68 @@
-olefile v0.41 documentation
+olefile v0.42 documentation
===========================
-This is the home page of the documentation for olefile. The latest version can be found [online](https://bitbucket.org/decalage/olefileio_pl/wiki), otherwise a copy is provided in the doc subfolder of the package.
+This is the home page of the documentation for olefile. The latest version can be found
+[online](https://bitbucket.org/decalage/olefileio_pl/wiki), otherwise a copy is provided in the doc subfolder of the package.
-[olefile](http://www.decalage.info/olefile) is a Python package to parse, read and write [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
+[olefile](http://www.decalage.info/olefile) is a Python package to parse, read and write
+[Microsoft OLE2 files](http://en.wikipedia.org/wiki/Compound_File_Binary_Format)
+(also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft
+Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file
+formats, McAfee antivirus quarantine files, etc.
-**Quick links:** [Home page](http://www.decalage.info/olefile) - [Download/Install](https://bitbucket.org/decalage/olefileio_pl/wiki/Install) - [Documentation](https://bitbucket.org/decalage/olefileio_pl/wiki) - [Report Issues/Suggestions/Questions](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open) - [Contact the author](http://decalage.info/contact) - [Repository](https://bitbucket.org/decalage/olefileio_pl) - [Updates on Twitter](https://twitter.com/decalage2)
+**Quick links:**
+[Home page](http://www.decalage.info/olefile) -
+[Download/Install](https://bitbucket.org/decalage/olefileio_pl/wiki/Install) -
+[Documentation](https://bitbucket.org/decalage/olefileio_pl/wiki) -
+[Report Issues/Suggestions/Questions](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open) -
+[Contact the author](http://decalage.info/contact) -
+[Repository](https://bitbucket.org/decalage/olefileio_pl) -
+[Updates on Twitter](https://twitter.com/decalage2)
-History
--------
-
-olefile is based on the OleFileIO module from [PIL](http://www.pythonware.com/products/pil/index.htm), the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.
-
-As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)
-
-Since 2014 olefile/OleFileIO_PL has been integrated into [Pillow](http://python-imaging.github.io/), the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
+Documentation pages
+-------------------
-olefile can be used as an independent module or with PIL/Pillow.
+- [[License]]
+- [[Install]]
+- [[Contribute]], Suggest Improvements or Report Issues
+- [[OLE_Overview]]
+- [[API]] and Usage
-olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my [python-oletools](http://www.decalage.info/python/oletools), which are built upon olefile and provide a higher-level interface.
Features
--------
-- Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls, PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss AxioVision ZVI files, Olympus FluoView OIB files, etc
+- Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls,
+ PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss
+ AxioVision ZVI files, Olympus FluoView OIB files, etc
- List all the streams and storages contained in an OLE file
- Open streams as files
- Parse and read property streams, containing metadata of the file
- Portable, pure Python module, no dependency
+olefile can be used as an independent module or with PIL/Pillow.
+
+olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data
+(especially for security purposes such as malware analysis and forensics), then please also check my
+[python-oletools](http://www.decalage.info/python/oletools), which are built upon olefile and provide a higher-level
+interface.
+
+
+History
+-------
+
+olefile is based on the OleFileIO module from [PIL](http://www.pythonware.com/products/pil/index.htm), the excellent
+Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but
+since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust
+design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate
+its 9 years and its new write features.
+
+As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on
+several operating systems. (please tell me if you know other similar Python modules)
+
+Since 2014 olefile/OleFileIO_PL has been integrated into [Pillow](http://python-imaging.github.io/), the friendly fork
+of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
Main improvements over the original version of OleFileIO in PIL:
----------------------------------------------------------------
diff --git a/oletools/thirdparty/olefile/doc/Install.html b/oletools/thirdparty/olefile/doc/Install.html
index a3c342c..1560a94 100644
--- a/oletools/thirdparty/olefile/doc/Install.html
+++ b/oletools/thirdparty/olefile/doc/Install.html
@@ -12,8 +12,9 @@
olefile requires Python 2.6, 2.7 or 3.x.
For Python 2.5 and older, olefile falls back to an older version (based on OleFileIO_PL 0.26) which might not contain all the enhancements implemented in olefile.
Download and Install
-To use olefile with other Python applications or your own scripts, the simplest solution is to run "pip install olefile" or "easy_install olefile" to download and install the package in one go.
-Otherwise you may download/extract the zip archive in a temporary directory and run "python setup.py install".
+To use olefile with other Python applications or your own scripts, the simplest solution is to run pip install olefile or easy_install olefile, to download and install the package in one go. Pip is part of the standard Python distribution since v2.7.9.
+To update olefile if a previous version is already installed, run pip install -U olefile.
+Otherwise you may download/extract the zip archive in a temporary directory and run python setup.py install.
On Windows you may simply double-click on install.bat.
olefile documentation
diff --git a/oletools/thirdparty/olefile/doc/Install.md b/oletools/thirdparty/olefile/doc/Install.md
index e6ed5d9..6afa624 100644
--- a/oletools/thirdparty/olefile/doc/Install.md
+++ b/oletools/thirdparty/olefile/doc/Install.md
@@ -6,15 +6,21 @@ Pre-requisites
olefile requires Python 2.6, 2.7 or 3.x.
-For Python 2.5 and older, olefile falls back to an older version (based on OleFileIO_PL 0.26) which might not contain all the enhancements implemented in olefile.
+For Python 2.5 and older, olefile falls back to an older version (based on OleFileIO_PL 0.26) which might not contain
+all the enhancements implemented in olefile.
Download and Install
--------------------
-To use olefile with other Python applications or your own scripts, the simplest solution is to run "**pip install olefile**" or "**easy_install olefile**" to download and install the package in one go.
+To use olefile with other Python applications or your own scripts, the simplest solution is to run **pip install olefile**
+or **easy_install olefile**, to download and install the package in one go. Pip is part of the standard Python
+distribution since v2.7.9.
-Otherwise you may download/extract the [zip archive](https://bitbucket.org/decalage/olefileio_pl/downloads) in a temporary directory and run "**python setup.py install**".
+To update olefile if a previous version is already installed, run **pip install -U olefile**.
+
+Otherwise you may download/extract the [zip archive](https://bitbucket.org/decalage/olefileio_pl/downloads) in a
+temporary directory and run **python setup.py install**.
On Windows you may simply double-click on **install.bat**.
diff --git a/oletools/thirdparty/olefile/doc/License.html b/oletools/thirdparty/olefile/doc/License.html
index 0db426a..f83c512 100644
--- a/oletools/thirdparty/olefile/doc/License.html
+++ b/oletools/thirdparty/olefile/doc/License.html
@@ -8,7 +8,7 @@
License for olefile
-olefile (formerly OleFileIO_PL) is copyright (c) 2005-2014 Philippe Lagadec (http://www.decalage.info)
+olefile (formerly OleFileIO_PL) is copyright (c) 2005-2015 Philippe Lagadec (http://www.decalage.info)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
diff --git a/oletools/thirdparty/olefile/doc/License.md b/oletools/thirdparty/olefile/doc/License.md
index 08fe1c3..28bc4c1 100644
--- a/oletools/thirdparty/olefile/doc/License.md
+++ b/oletools/thirdparty/olefile/doc/License.md
@@ -1,7 +1,7 @@
License for olefile
===================
-olefile (formerly OleFileIO_PL) is copyright (c) 2005-2014 Philippe Lagadec ([http://www.decalage.info](http://www.decalage.info))
+olefile (formerly OleFileIO_PL) is copyright (c) 2005-2015 Philippe Lagadec ([http://www.decalage.info](http://www.decalage.info))
All rights reserved.
diff --git a/oletools/thirdparty/olefile/olefile.html b/oletools/thirdparty/olefile/olefile.html
index b9af0eb..b7d1981 100644
--- a/oletools/thirdparty/olefile/olefile.html
+++ b/oletools/thirdparty/olefile/olefile.html
@@ -6,10 +6,10 @@
-
olefile (version 0.41, 2014-11-25) |
olefile (version 0.42, 2015-01-24)index
.\olefile.py |
- # olefile (formerly OleFileIO_PL) version 0.41 2014-11-25
+
# olefile (formerly OleFileIO_PL) version 0.42 2015-01-24
#
# Module to read/write Microsoft OLE2 files (also called Structured Storage or
# Microsoft Compound Document File Format), such as Microsoft Office 97-2003
@@ -18,7 +18,7 @@
#
# Project website: http://www.decalage.info/olefile
#
-# olefile is copyright (c) 2005-2014 Philippe Lagadec (http://www.decalage.info)
+# olefile is copyright (c) 2005-2015 Philippe Lagadec (http://www.decalage.info)
#
# olefile is based on the OleFileIO module from the PIL library v1.1.6
# See: http://www.pythonware.com/products/pil/index.htm
@@ -86,7 +86,7 @@ Library to view the resulting files (which ha
TIFF files).
| |
Methods defined here:
-- __init__(self, filename=None, raise_defects=40, write_mode=False, debug=False)
- Constructor for the OleFileIO class.
+- __init__(self, filename=None, raise_defects=40, write_mode=False, debug=False, path_encoding='utf-8')
- Constructor for the OleFileIO class.
:param filename: file to open.
@@ -104,7 +104,12 @@ TIFF files).
|
:param write_mode: bool, if True the file is opened in read/write mode instead
of read-only by default.
-:param debug: bool, set debug mode
+:param debug: bool, set debug mode
+
+:param path_encoding: None or str, name of the codec to use for path
+ names (streams and storages), or None for Unicode.
+ Unicode by default on Python 3+, UTF-8 on Python 2.x.
+ (new in olefile 0.42, was hardcoded to Latin-1 until olefile v0.41)
- close(self)
- close the OLE file, to release the file object
@@ -346,6 +351,7 @@ Data and other attributes defined here:
| | |
DEBUG_MODE = False
+DEFAULT_PATH_ENCODING = 'utf-8'
DEFECT_FATAL = 40
DEFECT_INCORRECT = 30
DEFECT_POTENTIAL = 20
@@ -354,7 +360,7 @@ Data and other attributes defined here:
ENDOFCHAIN = 4294967294L
FATSECT = 4294967293L
FREESECT = 4294967295L
-KEEP_UNICODE_NAMES = False
+KEEP_UNICODE_NAMES = True
MAGIC = '\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1'
MAXREGSECT = 4294967290L
MAXREGSID = 4294967290L
@@ -411,8 +417,8 @@ Data and other attributes defined here:
VT_VOID = 24
WORD_CLSID = '00020900-0000-0000-C000-000000000046'
__author__ = 'Philippe Lagadec'
-__date__ = '2014-11-25'
-__version__ = '0.41'
+__date__ = '2015-01-24'
+__version__ = '0.42'
keyword = 'VT_UNKNOWN'
print_function = _Feature((2, 6, 0, 'alpha', 2), (3, 0, 0, 'alpha', 0), 65536)
var = 13 |
diff --git a/oletools/thirdparty/olefile/olefile.py b/oletools/thirdparty/olefile/olefile.py
index edb7d69..c1c70fe 100644
--- a/oletools/thirdparty/olefile/olefile.py
+++ b/oletools/thirdparty/olefile/olefile.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
-# olefile (formerly OleFileIO_PL) version 0.42 2015-01-24
+# olefile (formerly OleFileIO_PL) version 0.42 2015-01-25
#
# Module to read/write Microsoft OLE2 files (also called Structured Storage or
# Microsoft Compound Document File Format), such as Microsoft Office 97-2003
@@ -29,8 +29,8 @@ from __future__ import print_function # This version of olefile requires Pytho
__author__ = "Philippe Lagadec"
-__date__ = "2015-01-24"
-__version__ = '0.42'
+__date__ = "2015-01-25"
+__version__ = '0.42.1'
#--- LICENSE ------------------------------------------------------------------