From 6fa2ba9712fefcde67580a5a3fc948fc88384ce0 Mon Sep 17 00:00:00 2001
From: decalage2 <decalage@laposte.net>
Date: Tue, 25 Oct 2016 21:40:55 +0200
Subject: [PATCH] olevba3: fixed regex bytes strings (PR/issue #100)

---
 oletools/olevba3.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/oletools/olevba3.py b/oletools/olevba3.py
index 348b80d..cf3b447 100755
--- a/oletools/olevba3.py
+++ b/oletools/olevba3.py
@@ -178,6 +178,7 @@ https://github.com/unixfreak0037/officeparser
 # 2016-06-12 v0.50 PL: - fixed small bugs in VBA parsing code
 # 2016-07-01       PL: - fixed issue #58 with format() to support Python 2.6
 # 2016-07-29       CH: - fixed several bugs including #73 (Mac Roman encoding)
+# 2016-10-25       PL: - fixed regex bytes strings (PR/issue #100)
 
 __version__ = '0.50'
 
@@ -632,7 +633,7 @@ re_dridex_string = re.compile(r'"[0-9A-Za-z]{20,}"')
 re_nothex_check = re.compile(r'[G-Zg-z]')
 
 # regex to extract printable strings (at least 5 chars) from VBA Forms:
-re_printable_string = re.compile(rb'[\t\r\n\x20-\xFF]{5,}')
+re_printable_string = re.compile(b'[\\t\\r\\n\\x20-\\xFF]{5,}')
 
 
 # === PARTIAL VBA GRAMMAR ====================================================
@@ -2686,7 +2687,7 @@ class VBA_Parser(object):
                     # read data
                     log.debug('Reading data from stream %r' % d.name)
                     data = ole._open(d.isectStart, d.size).read()
-                    for match in re.finditer(rb'\x00Attribut[^e]', data, flags=re.IGNORECASE):
+                    for match in re.finditer(b'\\x00Attribut[^e]', data, flags=re.IGNORECASE):
                         start = match.start() - 3
                         log.debug('Found VBA compressed code at index %X' % start)
                         compressed_code = data[start:]
--
libgit2 0.21.4