Commit b747e4b097ceb4dae111155a5064c9466ff08f92

Authored by decalage2
1 parent 3ac3c382

olemap: added option --exdata to display extra data (hex dump)

Showing 1 changed file with 19 additions and 2 deletions
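--- a/oletools/olemap.py
+++ b/oletools/olemap.py
@@ -50,6 +50,7 @@ http://www.decalage.info/python/oletools
 # - added options --header, --fat and --minifat
 # 2017-03-22 PL: - added extra data detection, completed header display
 # 2017-03-23 PL: - only display the header by default
+# - added option --exdata to display extra data in hex
 
 
 __version__ = '0.51dev3'
@@ -76,6 +77,7 @@ if not _parent_dir in sys.path:
 from oletools.thirdparty.olefile import olefile
 from oletools.thirdparty.tablestream import tablestream
 from oletools.thirdparty.xglob import xglob
+from oletools.ezhexviewer import hexdump3
 
 # === CONSTANTS ==============================================================
 
@@ -115,7 +117,7 @@ def sid_display(sid):
 return sid
 
 
-def show_header(ole):
+def show_header(ole, extra_data=False):
 print("OLE HEADER:")
 t = tablestream.TableStream([24, 16, 79-(4+24+16)], header_row=['Attribute', 'Value', 'Description'])
 t.write_row(['OLE Signature (hex)', binascii.b2a_hex(ole.header_signature).upper(), 'Should be D0CF11E0A1B11AE1'])
@@ -169,6 +171,19 @@ def show_header(ole):
 t.close()
 print('')
 
+ if extra_data:
+ # hex dump of extra data
+ print('HEX DUMP OF EXTRA DATA:\n')
+ if extra_data_size <= 0:
+ print('No extra data found at end of file.')
+ else:
+ ole.fp.seek(offset_extra_data)
+ # read until end of file:
+ exdata = ole.fp.read()
+ assert len(exdata) == extra_data_size
+ print(hexdump3(exdata, length=16, startindex=offset_extra_data))
+ print('')
+
 
 def show_fat(ole):
 print('FAT:')
@@ -221,6 +236,8 @@ def main():
 help='Display the FAT (default: no)')
 parser.add_option("--minifat", action="store_true", dest="minifat",
 help='Display the MiniFAT (default: no)')
+ parser.add_option('-x', "--exdata", action="store_true", dest="extra_data",
+ help='Display a hex dump of extra data at end of file')
 
 # TODO: add logfile option
 
@@ -261,7 +278,7 @@ def main():
 ole = olefile.OleFileIO(filename)
 
 if options.header:
- show_header(ole)
+ show_header(ole, extra_data=options.extra_data)
 if options.fat:
 show_fat(ole)
 if options.minifat: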
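Review bot: The `assert len(exdata) == extra_data_size` in the new `--exdata` branch of show_header is validating a file that may be malformed or hostile: a mismatch aborts the run with an AssertionError traceback, and under `python -O` the check disappears. An explicit test that reports and carries on suits an analysis tool better, e.g. `if len(exdata) != extra_data_size: print('Warning: read %d bytes of extra data, expected %d' % (len(exdata), extra_data_size))`. `ole.fp.read()` also loads everything up to end of file into memory before dumping it, so a sample with a very large appended blob costs that much RAM and terminal output; a size cap is worth considering. `extra_data_size` and `offset_extra_data` are set in the part of show_header this page does not show. In main() the dump is only reachable through the `if options.header:` branch, so whether `-x` has any effect with only `--fat` or `--minifat` depends on option defaulting outside these hunks.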