Peter M. Groen / oletools

Commit 8dc4854df1c2bef3a56373dd73c4c378788df688

Authored by Christian Herdtweck
1 parent 8be66d11

ppt_record_parser: move constants to top of file

Inline Side-by-side
Showing 1 changed file with 75 additions and 72 deletions
oletools/ppt_record_parser.py
  View file @8dc4854
@@ -49,6 +49,80 @@ import io @@ -49,6 +49,80 @@ import io
49 import zlib 49 import zlib
50 50
51 51
  52 +# types of relevant records (there are much more than listed here)
  53 +RECORD_TYPES = dict([
  54 + # file structure types
  55 + (0x0ff5, 'UserEditAtom'),
  56 + (0x0ff6, 'CurrentUserAtom'), # --> use PptRecordCurrentUser instead
  57 + (0x1772, 'PersistDirectoryAtom'),
  58 + (0x2f14, 'CryptSession10Container'),
  59 + # document types
  60 + (0x03e8, 'DocumentContainer'),
  61 + (0x0fc9, 'HandoutContainer'),
  62 + (0x03f0, 'NotesContainer'),
  63 + (0x03ff, 'VbaInfoContainer'),
  64 + (0x03e9, 'DocumentAtom'),
  65 + (0x03ea, 'EndDocumentAtom'),
  66 + # slide types
  67 + (0x03ee, 'SlideContainer'),
  68 + (0x03f8, 'MainMasterContainer'),
  69 + # external object ty
  70 + (0x0409, 'ExObjListContainer'),
  71 + (0x1011, 'ExOleVbaActiveXAtom'), # --> use PptRecordExOleVbaActiveXAtom
  72 + (0x1006, 'ExAviMovieContainer'),
  73 + (0x100e, 'ExCDAudioContainer'),
  74 + (0x0fee, 'ExControlContainer'),
  75 + (0x0fd7, 'ExHyperlinkContainer'),
  76 + (0x1007, 'ExMCIMovieContainer'),
  77 + (0x100d, 'ExMIDIAudioContainer'),
  78 + (0x0fcc, 'ExOleEmbedContainer'),
  79 + (0x0fce, 'ExOleLinkContainer'),
  80 + (0x100f, 'ExWAVAudioEmbeddedContainer'),
  81 + (0x1010, 'ExWAVAudioLinkContainer'),
  82 + (0x1004, 'ExMediaAtom'),
  83 + (0x040a, 'ExObjListAtom'),
  84 + (0x0fcd, 'ExOleEmbedAtom'),
  85 + (0x0fc3, 'ExOleObjAtom'), # --> use PptRecordExOleObjAtom instead
  86 + # other types
  87 + (0x0fc1, 'MetafileBlob'),
  88 + (0x0fb8, 'FontEmbedDataBlob'),
  89 + (0x07e7, 'SoundDataBlob'),
  90 + (0x138b, 'BinaryTagDataBlob'),
  91 + (0x0fba, 'CString'),
  92 +])
  93 +
  94 +
  95 +# record types where version is not 0x0 or 0xf
  96 +VERSION_EXCEPTIONS = dict([
  97 + (0x0400, 2), # rt_vbainfoatom
  98 + (0x03ef, 2), # rt_slideatom
  99 +])
  100 +
  101 +
  102 +# record types where instance is not 0x0 or 0x1
  103 +INSTANCE_EXCEPTIONS = dict([
  104 + (0x0fba, (2, 0x14)), # rt_cstring,
  105 + (0x0ff0, (2, 2)), # rt_slidelistwithtext,
  106 + (0x0fd9, (3, 4)), # rt_headersfooters,
  107 + (0x07e4, (5, 5)), # rt_soundcollection,
  108 + (0x03fb, (7, 7)), # rt_guideatom,
  109 + (0x07e9, (2, 2)), # rt_bookmarkseeatom,
  110 + (0x07f0, (6, 6)), # rt_colorschemeatom,
  111 + (0xf125, (0, 5)), # rt_timeconditioncontainer,
  112 + (0xf13d, (0, 0xa)), # rt_timepropertylist,
  113 + (0x0fc8, (2, 2)), # rt_kinsoku,
  114 + (0x0fd2, (3, 3)), # rt_kinsokuatom,
  115 + (0x0f9f, (0, 5)), # rt_textheaderatom,
  116 + (0x0fb7, (0, 128)), # rt_fontentityatom,
  117 + (0x0fa3, (0, 8)), # rt_textmasterstyleatom,
  118 + (0x0fad, (0, 8)), # rt_textmasterstyle9atom,
  119 + (0x0fb2, (0, 8)), # rt_textmasterstyle10atom,
  120 + (0x07f9, (0, 0x80)), # rt_blibentitiy9atom,
  121 + (0x0faf, (0, 5)), # rt_outlinetextpropsheader9atom,
  122 + (0x0fb8, (0, 3)), # rt_fontembeddatablob,
  123 +])
  124 +
  125 +
52 class PptFile(record_base.OleRecordFile): 126 class PptFile(record_base.OleRecordFile):
53 """ Record-based view on a PowerPoint ppt file """ 127 """ Record-based view on a PowerPoint ppt file """
54 128
@@ -56,6 +130,7 @@ class PptFile(record_base.OleRecordFile): @@ -56,6 +130,7 @@ class PptFile(record_base.OleRecordFile):
56 def stream_class_for_name(self, stream_name): 130 def stream_class_for_name(self, stream_name):
57 return PptStream 131 return PptStream
58 132
  133 +
59 class PptStream(record_base.OleRecordStream): 134 class PptStream(record_base.OleRecordStream):
60 """ a stream of records in a ppt file """ 135 """ a stream of records in a ppt file """
61 136
@@ -401,78 +476,6 @@ class PptRecordExOleVbaActiveXAtom(PptRecord): @@ -401,78 +476,6 @@ class PptRecordExOleVbaActiveXAtom(PptRecord):
401 return '{0}, {1}{2}'.format(text[:-2], compr_text, text[-2:]) 476 return '{0}, {1}{2}'.format(text[:-2], compr_text, text[-2:])
402 477
403 478
404 -# types of relevant records (there are much more than listed here)  
405 -RECORD_TYPES = dict([  
406 - # file structure types  
407 - (0x0ff5, 'UserEditAtom'),  
408 - (0x0ff6, 'CurrentUserAtom'), # --> use PptRecordCurrentUser instead  
409 - (0x1772, 'PersistDirectoryAtom'),  
410 - (0x2f14, 'CryptSession10Container'),  
411 - # document types  
412 - (0x03e8, 'DocumentContainer'),  
413 - (0x0fc9, 'HandoutContainer'),  
414 - (0x03f0, 'NotesContainer'),  
415 - (0x03ff, 'VbaInfoContainer'),  
416 - (0x03e9, 'DocumentAtom'),  
417 - (0x03ea, 'EndDocumentAtom'),  
418 - # slide types  
419 - (0x03ee, 'SlideContainer'),  
420 - (0x03f8, 'MainMasterContainer'),  
421 - # external object ty  
422 - (0x0409, 'ExObjListContainer'),  
423 - (0x1011, 'ExOleVbaActiveXAtom'), # --> use PptRecordExOleVbaActiveXAtom  
424 - (0x1006, 'ExAviMovieContainer'),  
425 - (0x100e, 'ExCDAudioContainer'),  
426 - (0x0fee, 'ExControlContainer'),  
427 - (0x0fd7, 'ExHyperlinkContainer'),  
428 - (0x1007, 'ExMCIMovieContainer'),  
429 - (0x100d, 'ExMIDIAudioContainer'),  
430 - (0x0fcc, 'ExOleEmbedContainer'),  
431 - (0x0fce, 'ExOleLinkContainer'),  
432 - (0x100f, 'ExWAVAudioEmbeddedContainer'),  
433 - (0x1010, 'ExWAVAudioLinkContainer'),  
434 - (0x1004, 'ExMediaAtom'),  
435 - (0x040a, 'ExObjListAtom'),  
436 - (0x0fcd, 'ExOleEmbedAtom'),  
437 - (0x0fc3, 'ExOleObjAtom'), # --> use PptRecordExOleObjAtom instead  
438 - # other types  
439 - (0x0fc1, 'MetafileBlob'),  
440 - (0x0fb8, 'FontEmbedDataBlob'),  
441 - (0x07e7, 'SoundDataBlob'),  
442 - (0x138b, 'BinaryTagDataBlob'),  
443 - (0x0fba, 'CString'),  
444 -])  
445 -  
446 -# record types where version is not 0x0 or 0xf  
447 -VERSION_EXCEPTIONS = dict([  
448 - (0x0400, 2), # rt_vbainfoatom  
449 - (0x03ef, 2), # rt_slideatom  
450 -])  
451 -  
452 -# record types where instance is not 0x0 or 0x1  
453 -INSTANCE_EXCEPTIONS = dict([  
454 - (0x0fba, (2, 0x14)), # rt_cstring,  
455 - (0x0ff0, (2, 2)), # rt_slidelistwithtext,  
456 - (0x0fd9, (3, 4)), # rt_headersfooters,  
457 - (0x07e4, (5, 5)), # rt_soundcollection,  
458 - (0x03fb, (7, 7)), # rt_guideatom,  
459 - (0x07e9, (2, 2)), # rt_bookmarkseeatom,  
460 - (0x07f0, (6, 6)), # rt_colorschemeatom,  
461 - (0xf125, (0, 5)), # rt_timeconditioncontainer,  
462 - (0xf13d, (0, 0xa)), # rt_timepropertylist,  
463 - (0x0fc8, (2, 2)), # rt_kinsoku,  
464 - (0x0fd2, (3, 3)), # rt_kinsokuatom,  
465 - (0x0f9f, (0, 5)), # rt_textheaderatom,  
466 - (0x0fb7, (0, 128)), # rt_fontentityatom,  
467 - (0x0fa3, (0, 8)), # rt_textmasterstyleatom,  
468 - (0x0fad, (0, 8)), # rt_textmasterstyle9atom,  
469 - (0x0fb2, (0, 8)), # rt_textmasterstyle10atom,  
470 - (0x07f9, (0, 0x80)), # rt_blibentitiy9atom,  
471 - (0x0faf, (0, 5)), # rt_outlinetextpropsheader9atom,  
472 - (0x0fb8, (0, 3)), # rt_fontembeddatablob,  
473 -])  
474 -  
475 -  
476 ############################################################################### 479 ###############################################################################
477 # TESTING 480 # TESTING
478 ############################################################################### 481 ###############################################################################