Commit b7cb5b22b37d339cf17c969a43f493845a30cd61
1 parent
95cf2434
updated olevba to use olefile
Showing
1 changed file
with
10 additions
and
9 deletions
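--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 """
-olevba.py v0.03 2014-08-15
+olevba.py
 
 olevba is a script to parse OLE and OpenXML files such as MS Office documents
 (e.g. Word, Excel), to extract VBA Macro code in clear text.
@@ -22,8 +22,6 @@ https://github.com/unixfreak0037/officeparser
 Usage: olevba.py <file>
 """
 
-__version__ = '0.03'
-
 #=== LICENSE ==================================================================
 
 # olevba is copyright (c) 2014 Philippe Lagadec (http://www.decalage.info)
@@ -80,6 +78,9 @@ __version__ = '0.03'
 # 2014-08-15 PL: - fixed incorrect value check in PROJECTHELPFILEPATH Record
 # 2014-08-15 v0.03 PL: - refactored extract_macros to support OpenXML formats
 # and to find the VBA project root anywhere in the file
+# 2014-11-29 v0.04 PL: - use olefile instead of OleFileIO_PL
+
+__version__ = '0.04'
 
 #------------------------------------------------------------------------------
 # TODO:
@@ -116,7 +117,7 @@ import cStringIO
 import math
 import zipfile
 
-from thirdparty.OleFileIO_PL import OleFileIO_PL
+import thirdparty.olefile as olefile
 
 #--- CONSTANTS ----------------------------------------------------------------
 
@@ -296,7 +297,7 @@ def extract_macros_ole(ole):
 
 def check_vba_stream(ole, vba_root, stream_path):
 full_path = vba_root + stream_path
- if ole.exists(full_path) and ole.get_type(full_path) == OleFileIO_PL.STGTY_STREAM:
+ if ole.exists(full_path) and ole.get_type(full_path) == olefile.STGTY_STREAM:
 logging.debug('Found %s stream: %s' % (stream_path, full_path))
 return full_path
 else:
@@ -697,15 +698,15 @@ def _extract_vba (ole, vba_root, project_path, dir_path):
 
 
 def extract_macros (filename):
- if OleFileIO_PL.isOleFile(filename):
+ if olefile.isOleFile(filename):
 # This looks like an OLE file
 logging.info('Extracting VBA Macros from OLE file %s' % filename)
- ole = OleFileIO_PL.OleFileIO(filename)
+ ole = olefile.OleFileIO(filename)
 extract_macros_ole(ole)
 ole.close()
 elif zipfile.is_zipfile(filename):
 # This looks like a zip file, need to look for vbaProject.bin inside
- #TODO: here we could even look for any OLE file inside the archive
+ #TODO: here we should look for any OLE file inside the archive
 #...because vbaProject.bin can be renamed:
 # see http://www.decalage.info/files/JCV07_Lagadec_OpenDocument_OpenXML_v4_decalage.pdf#page=18
 logging.info('Opening ZIP/OpenXML file %s' % filename)
@@ -716,7 +717,7 @@ def extract_macros (filename):
 vbadata = z.open(f).read()
 vbafile = cStringIO.StringIO(vbadata)
 try:
- ole = OleFileIO_PL.OleFileIO(vbafile)
+ ole = olefile.OleFileIO(vbafile)
 except:
 logging.debug('%s is not a valid OLE file' % f)
 continue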
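Review bot: The bare `except:` around `ole = olefile.OleFileIO(vbafile)` in the last hunk (new lines 719-723) reports every failure as "not a valid OLE file", and only at debug level. After this module swap that would also swallow an AttributeError from a mistyped name on the new `olefile` module, so the tool could silently report no macros for every OpenXML file, which is a false negative in a malware-triage tool. I would catch the parser's own errors and record the reason, e.g. `except IOError as exc:` with `logging.debug('%s is not a valid OLE file: %s' % (f, exc))`; which exception types the bundled olefile raises on malformed input should be confirmed first. In the OLE branch of the previous hunk, `olefile.OleFileIO(filename)` has no handler at all and `ole.close()` is skipped if `extract_macros_ole(ole)` raises, so a `try`/`finally` there would be consistent. `extract_macros` continues past the end of the last hunk, so the rest of the loop is not visible here.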