Commit 8dad74b9be24ebefb6002101749f2fa1a901fda5
1 parent
384f406b
rtfobj: log when \bin has no argument
Showing
2 changed files
with
6 additions
and
4 deletions
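--- a/oletools/rtfobj.py
+++ b/oletools/rtfobj.py
@@ -73,12 +73,13 @@ http://www.decalage.info/python/oletools
 # 2017-05-04 PL: - fixed issue #164 to handle linked OLE objects
 # 2017-06-08 PL: - fixed issue/PR #143: bin object with negative length
 # 2017-06-29 PL: - temporary fix for issue #178
-# 2017-07-14 v0.51.1 PL: - disabled logging of each control word (issue #184)
+# 2017-07-14 v0.52 PL: - disabled logging of each control word (issue #184)
 # 2017-07-24 PL: - fixed call to RtfParser._end_of_file (issue #185)
 # - ignore optional space after \bin (issue #185)
 # 2017-09-06 PL: - fixed issue #196: \pxe is not a destination
+# 2018-02-01 JRM: - fixed issue #251: \bin without argument
 
-__version__ = '0.51.1dev4'
+__version__ = '0.52dev12'
 
 # ------------------------------------------------------------------------------
 # TODO:
@@ -511,12 +512,13 @@ class RtfParser(object):
 
 def _bin(self, matchobject, param):
 if param is None:
+ log.info('Detected anti-analysis trick: \\bin object without length at index %X' % self.index)
 binlen = 0
 else:
 binlen = int(param)
 # handle negative length
 if binlen < 0:
- log.warn('Detected anti-analysis trick: \bin object with negative length at index %X' % self.index)
+ log.info('Detected anti-analysis trick: \bin object with negative length at index %X' % self.index)
 # binlen = int(param.strip('-'))
 # According to my tests, if the bin length is negative,
 # it should be treated as a null length: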
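Review bot: The negative-length message on the changed `log.info` line in `_bin` still writes the control word as `'\bin'` in an ordinary string, so Python emits a backspace character (0x08) followed by `in` rather than the text `\bin`. The new no-argument message added just above already escapes it, so use the same form: `log.info('Detected anti-analysis trick: \\bin object with negative length at index %X' % self.index)`. Separately, both detections are now logged at info, where the negative-length one was previously a warning. If the tool's default log level is warning (not visible in this hunk), an analyst triaging a sample would no longer see either anti-analysis indicator without raising verbosity, so consider `log.warning` for both. The body of `_bin` continues past the end of the hunk.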
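--- a/setup.py
+++ b/setup.py
@@ -42,7 +42,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 
 name = "oletools"
-version = '0.52dev11'
+version = '0.52dev12'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"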