Commit 7fa1d75ceaa75401bf7eac3bd1ba6b337ebf318c
1 parent
74e8385b
rtfobj, pyxswf: fixed issue #83, backward compatible API
Showing
2 changed files
with
13 additions
and
7 deletions
oletools/pyxswf.py
| @@ -25,7 +25,7 @@ http://www.decalage.info/python/oletools | @@ -25,7 +25,7 @@ http://www.decalage.info/python/oletools | ||
| 25 | 25 | ||
| 26 | #=== LICENSE ================================================================= | 26 | #=== LICENSE ================================================================= |
| 27 | 27 | ||
| 28 | -# pyxswf is copyright (c) 2012-2015, Philippe Lagadec (http://www.decalage.info) | 28 | +# pyxswf is copyright (c) 2012-2016, Philippe Lagadec (http://www.decalage.info) |
| 29 | # All rights reserved. | 29 | # All rights reserved. |
| 30 | # | 30 | # |
| 31 | # Redistribution and use in source and binary forms, with or without modification, | 31 | # Redistribution and use in source and binary forms, with or without modification, |
| @@ -54,8 +54,9 @@ http://www.decalage.info/python/oletools | @@ -54,8 +54,9 @@ http://www.decalage.info/python/oletools | ||
| 54 | # 2012-11-09 v0.02 PL: - added RTF embedded objects extraction | 54 | # 2012-11-09 v0.02 PL: - added RTF embedded objects extraction |
| 55 | # 2014-11-29 v0.03 PL: - use olefile instead of OleFileIO_PL | 55 | # 2014-11-29 v0.03 PL: - use olefile instead of OleFileIO_PL |
| 56 | # - improved usage display with -h | 56 | # - improved usage display with -h |
| 57 | +# 2016-09-06 v0.50 PL: - updated to match the rtfobj API | ||
| 57 | 58 | ||
| 58 | -__version__ = '0.03' | 59 | +__version__ = '0.50' |
| 59 | 60 | ||
| 60 | #------------------------------------------------------------------------------ | 61 | #------------------------------------------------------------------------------ |
| 61 | # TODO: | 62 | # TODO: |
| @@ -126,7 +127,7 @@ def main(): | @@ -126,7 +127,7 @@ def main(): | ||
| 126 | # RTF MODE: | 127 | # RTF MODE: |
| 127 | elif options.rtf: | 128 | elif options.rtf: |
| 128 | for filename in args: | 129 | for filename in args: |
| 129 | - for index, data in rtfobj.rtf_iter_objects(filename): | 130 | + for index, orig_len, data in rtfobj.rtf_iter_objects(filename): |
| 130 | if 'FWS' in data or 'CWS' in data: | 131 | if 'FWS' in data or 'CWS' in data: |
| 131 | print 'RTF embedded object size %d at index %08X' % (len(data), index) | 132 | print 'RTF embedded object size %d at index %08X' % (len(data), index) |
| 132 | f = StringIO.StringIO(data) | 133 | f = StringIO.StringIO(data) |
oletools/rtfobj.py
| @@ -63,6 +63,7 @@ http://www.decalage.info/python/oletools | @@ -63,6 +63,7 @@ http://www.decalage.info/python/oletools | ||
| 63 | # 2016-08-01 PL: - detect executable filenames in OLE Package | 63 | # 2016-08-01 PL: - detect executable filenames in OLE Package |
| 64 | # 2016-08-08 PL: - added option -s to save objects to files | 64 | # 2016-08-08 PL: - added option -s to save objects to files |
| 65 | # 2016-08-09 PL: - fixed issue #78, improved regex | 65 | # 2016-08-09 PL: - fixed issue #78, improved regex |
| 66 | +# 2016-09-06 PL: - fixed issue #83, backward compatible API | ||
| 66 | 67 | ||
| 67 | __version__ = '0.50' | 68 | __version__ = '0.50' |
| 68 | 69 | ||
| @@ -580,16 +581,20 @@ def rtf_iter_objects(filename, min_size=32): | @@ -580,16 +581,20 @@ def rtf_iter_objects(filename, min_size=32): | ||
| 580 | """ | 581 | """ |
| 581 | [DEPRECATED] Backward-compatible API, for applications using the old rtfobj: | 582 | [DEPRECATED] Backward-compatible API, for applications using the old rtfobj: |
| 582 | Open a RTF file, extract each embedded object encoded in hexadecimal of | 583 | Open a RTF file, extract each embedded object encoded in hexadecimal of |
| 583 | - size > min_size, yield the index of the object in the RTF file and its data | ||
| 584 | - in binary format. | 584 | + size > min_size, yield the index of the object in the RTF file, the original |
| 585 | + length in the RTF file, and the decoded object data in binary format. | ||
| 585 | This is an iterator. | 586 | This is an iterator. |
| 587 | + | ||
| 588 | + :param filename: str, RTF file name/path to open on disk | ||
| 589 | + :param min_size: ignored, kept for backward compatibility | ||
| 590 | + :returns: iterator, yielding tuples (start index, original length, binary data) | ||
| 586 | """ | 591 | """ |
| 587 | data = open(filename, 'rb').read() | 592 | data = open(filename, 'rb').read() |
| 588 | rtfp = RtfObjParser(data) | 593 | rtfp = RtfObjParser(data) |
| 589 | rtfp.parse() | 594 | rtfp.parse() |
| 590 | for obj in rtfp.objects: | 595 | for obj in rtfp.objects: |
| 591 | - # orig_len = obj.end - obj.start | ||
| 592 | - yield obj.start, obj.rawdata | 596 | + orig_len = obj.end - obj.start |
| 597 | + yield obj.start, orig_len, obj.rawdata | ||
| 593 | 598 | ||
| 594 | 599 | ||
| 595 | 600 |