Commit f854f4dfe321784fb72c01a0131e236753dd6c5b
1 parent
e011de51
olevba: display exceptions with stack trace
Showing
1 changed file
with
10 additions
and
4 deletions
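--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -118,6 +118,7 @@ https://github.com/unixfreak0037/officeparser
 # Dridex strings
 # - exception handling in detect_base64_strings
 # 2015-02-07 v0.24 PL: - renamed option --hex to --decode, fixed display
+# - display exceptions with stack trace
 
 __version__ = '0.24'
 
@@ -162,6 +163,7 @@ import optparse
 import os.path
 import binascii
 import base64
+import traceback
 
 import thirdparty.olefile as olefile
 from thirdparty.prettytable import prettytable
@@ -296,7 +298,9 @@ RE_PATTERNS = (
 re_hex_string = re.compile(r'(?:[0-9A-Fa-f]{2}){4,}')
 
 # regex to detect strings encoded in base64
-re_base64_string = re.compile(r'"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"')
+#re_base64_string = re.compile(r'"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"')
+# alternate version from balbuzard:
+re_base64_string = re.compile(r'"(?:[A-Za-z0-9+/]{4}){2,}(?:[A-Za-z0-9+/]{2}[AEIMQUYcgkosw048]=|[A-Za-z0-9+/][AQgw]==)"')
 
 #--- FUNCTIONS ----------------------------------------------------------------
 
@@ -1399,9 +1403,11 @@ def process_file (container, filename, data, show_decoded_strings=False):
 else:
 print 'No VBA macros found.'
 except: #TypeError:
- raise
+ #raise
 #TODO: print more info if debug mode
- print sys.exc_value
+ #print sys.exc_value
+ # display the exception with full stack trace for debugging, but do not stop:
+ traceback.print_exc()
 print ''
 
 
@@ -1473,7 +1479,7 @@ def process_file_triage (container, filename, data):
 #TODO: distinguish real errors from incorrect file types
 flags = '!ERROR'
 message = sys.exc_value
- line = '%-6s %s' % (flags, filename)
+ line = '%-11s %s' % (flags, filename)
 if message:
 line += ' - %s' % message
 print line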
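Review bot: The replacement `re_base64_string` pattern makes the padded tail mandatory, so a quoted Base64 string with no `=` padding no longer matches, and neither does anything shorter than 12 characters; the old pattern accepted both. That narrows what the Base64 detection reports, and it rides along in a commit whose title only mentions stack traces. If the stricter form is meant to cut false positives, say so above the pattern, e.g. `# requires trailing '=' padding and >= 12 chars; unpadded Base64 is intentionally not matched`; otherwise make the tail optional so the pattern ends `==)?"')`. Separately, in the `process_file` hunk the bare `except:` now swallows `KeyboardInterrupt` and `SystemExit` because the `raise` is commented out; `except Exception:` would keep Ctrl-C working during batch runs. The `try` this handler belongs to starts outside the hunk.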