olevba: removed usage of sys.stderr which causes issues (fixed issue #23)

Philippe Lagadec
1 parent bf3fd0ac
Showing 1 changed file with 8 additions and 3 deletions
oletools/olevba.py
@@ -142,8 +142,9 @@ https://github.com/unixfreak0037/officeparser
 # 2015-06-19       PL: - added options -a, -c, --each, --attr
 # 2015-06-21 v0.32 PL: - always display decoded strings which are printable
 #                      - fix VBA_Scanner.scan to return raw strings, not repr()
+# 2015-07-09 v0.33 PL: - removed usage of sys.stderr which causes issues
-__version__ = '0.32'
+__version__ = '0.33'
 #------------------------------------------------------------------------------
 # TODO:
@@ -1868,7 +1869,9 @@ def print_analysis(vba_code, show_decoded_strings=False):
     :param show_decoded_strings: bool, if True hex-encoded strings will be displayed with their decoded content.
     :return: None
     """
-    sys.stderr.write('Analysis...\r')
+    # print a waiting message only if the output is not redirected to a file:
+    if sys.stdout.isatty():
+        print 'Analysis...\r',
     results = scan_vba(vba_code, show_decoded_strings)
     if results:
         t = prettytable.PrettyTable(('Type', 'Keyword', 'Description'))
@@ -1986,8 +1989,10 @@ def process_file_triage(container, filename, data):
             for (subfilename, stream_path, vba_filename, vba_code) in vba.extract_macros():
                 nb_macros += 1
                 if vba_code.strip() != '':
+                    # print a waiting message only if the output is not redirected to a file:
+                    if sys.stdout.isatty():
+                        print 'Analysis...\r',
                     # analyse the whole code, filtered to avoid false positives:
-                    sys.stderr.write('Analysis...\r')
                     scanner = VBA_Scanner(filter_vba(vba_code))
                     autoexec, suspicious, iocs, hexstrings, base64strings, dridex, vbastrings = scanner.scan_summary()
                     nb_autoexec += autoexec