Commit 6fa2ba9712fefcde67580a5a3fc948fc88384ce0
1 parent
024a04ca
olevba3: fixed regex bytes strings (PR/issue #100)
Showing
1 changed file
with
3 additions
and
2 deletions
oletools/olevba3.py
| ... | ... | @@ -178,6 +178,7 @@ https://github.com/unixfreak0037/officeparser |
| 178 | 178 | # 2016-06-12 v0.50 PL: - fixed small bugs in VBA parsing code |
| 179 | 179 | # 2016-07-01 PL: - fixed issue #58 with format() to support Python 2.6 |
| 180 | 180 | # 2016-07-29 CH: - fixed several bugs including #73 (Mac Roman encoding) |
| 181 | +# 2016-10-25 PL: - fixed regex bytes strings (PR/issue #100) | |
| 181 | 182 | |
| 182 | 183 | __version__ = '0.50' |
| 183 | 184 | |
| ... | ... | @@ -632,7 +633,7 @@ re_dridex_string = re.compile(r'"[0-9A-Za-z]{20,}"') |
| 632 | 633 | re_nothex_check = re.compile(r'[G-Zg-z]') |
| 633 | 634 | |
| 634 | 635 | # regex to extract printable strings (at least 5 chars) from VBA Forms: |
| 635 | -re_printable_string = re.compile(rb'[\t\r\n\x20-\xFF]{5,}') | |
| 636 | +re_printable_string = re.compile(b'[\\t\\r\\n\\x20-\\xFF]{5,}') | |
| 636 | 637 | |
| 637 | 638 | |
| 638 | 639 | # === PARTIAL VBA GRAMMAR ==================================================== |
| ... | ... | @@ -2686,7 +2687,7 @@ class VBA_Parser(object): |
| 2686 | 2687 | # read data |
| 2687 | 2688 | log.debug('Reading data from stream %r' % d.name) |
| 2688 | 2689 | data = ole._open(d.isectStart, d.size).read() |
| 2689 | - for match in re.finditer(rb'\x00Attribut[^e]', data, flags=re.IGNORECASE): | |
| 2690 | + for match in re.finditer(b'\\x00Attribut[^e]', data, flags=re.IGNORECASE): | |
| 2690 | 2691 | start = match.start() - 3 |
| 2691 | 2692 | log.debug('Found VBA compressed code at index %X' % start) |
| 2692 | 2693 | compressed_code = data[start:] | ... | ... |