Commit b747e4b097ceb4dae111155a5064c9466ff08f92
1 parent
3ac3c382
olemap: added option --exdata to display extra data (hex dump)
Showing
1 changed file
with
19 additions
and
2 deletions
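--- a/oletools/olemap.py
+++ b/oletools/olemap.py
@@ -50,6 +50,7 @@ http://www.decalage.info/python/oletools
 # - added options --header, --fat and --minifat
 # 2017-03-22 PL: - added extra data detection, completed header display
 # 2017-03-23 PL: - only display the header by default
+# - added option --exdata to display extra data in hex
 
 
 __version__ = '0.51dev3'
@@ -76,6 +77,7 @@ if not _parent_dir in sys.path:
 from oletools.thirdparty.olefile import olefile
 from oletools.thirdparty.tablestream import tablestream
 from oletools.thirdparty.xglob import xglob
+from oletools.ezhexviewer import hexdump3
 
 # === CONSTANTS ==============================================================
 
@@ -115,7 +117,7 @@ def sid_display(sid):
 return sid
 
 
-def show_header(ole):
+def show_header(ole, extra_data=False):
 print("OLE HEADER:")
 t = tablestream.TableStream([24, 16, 79-(4+24+16)], header_row=['Attribute', 'Value', 'Description'])
 t.write_row(['OLE Signature (hex)', binascii.b2a_hex(ole.header_signature).upper(), 'Should be D0CF11E0A1B11AE1'])
@@ -169,6 +171,19 @@ def show_header(ole):
 t.close()
 print('')
 
+if extra_data:
+# hex dump of extra data
+print('HEX DUMP OF EXTRA DATA:\n')
+if extra_data_size <= 0:
+print('No extra data found at end of file.')
+else:
+ole.fp.seek(offset_extra_data)
+# read until end of file:
+exdata = ole.fp.read()
+assert len(exdata) == extra_data_size
+print(hexdump3(exdata, length=16, startindex=offset_extra_data))
+print('')
+
 
 def show_fat(ole):
 print('FAT:')
@@ -221,6 +236,8 @@ def main():
 help='Display the FAT (default: no)')
 parser.add_option("--minifat", action="store_true", dest="minifat",
 help='Display the MiniFAT (default: no)')
+parser.add_option('-x', "--exdata", action="store_true", dest="extra_data",
+help='Display a hex dump of extra data at end of file')
 
 # TODO: add logfile option
 
@@ -261,7 +278,7 @@ def main():
 ole = olefile.OleFileIO(filename)
 
 if options.header:
-show_header(ole)
+show_header(ole, extra_data=options.extra_data)
 if options.fat:
 show_fat(ole)
 if options.minifat: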
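Review bot: `assert len(exdata) == extra_data_size` in the new `if extra_data:` branch of show_header is used as a runtime check on bytes read from the file under analysis, which for this tool may be malformed or deliberately crafted. The assert is stripped under `python -O`, and when it does fire the run stops with a bare AssertionError before any of the dump is printed. An explicit check that reports the mismatch and still dumps what was read is safer, e.g. `if len(exdata) != extra_data_size: print('WARNING: read %d bytes of extra data, expected %d' % (len(exdata), extra_data_size))`. Separately, `ole.fp.read()` has no size bound, so a file with a very large appended blob is loaded and hex-dumped in full; a cap on the number of bytes read and dumped would bound memory and output. `extra_data_size` and `offset_extra_data` are set in the part of show_header outside this hunk, so how they are derived could not be checked here.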