Peter M. Groen / oletools

18 May, 2016

2 commits

Merged in christian_intra2net/oletools_json/ppt-parser (pull request #10) ...
649f2e0f
```
Ppt parser
```
Philippe Lagadec authored
2016-05-18 23:24:30 +0200
Browse Code »
olevba: temporarily revert some changes to solve conflict with ppt_parser pull request
85bd93ee

Philippe Lagadec authored
2016-05-18 23:23:11 +0200
Browse Code »

16 May, 2016

2 commits

xglob: updated changelog
d7dfefea

Philippe Lagadec authored
2016-05-16 16:36:24 +0200
Browse Code »
olevba: many improvements and fixes by Christian Herdtweck (exit code, exception… ...
ffa04426
```
… handling, JSON output)
```
Philippe Lagadec authored
2016-05-16 16:34:05 +0200
Browse Code »

15 May, 2016

1 commit

olevba: look for VBA code in any stream including orphans
5e019d00

Philippe Lagadec authored
2016-05-15 21:46:28 +0200
Browse Code »

12 May, 2016

12 commits

make many ppt_parser functions generators; use decorator for try-open-except-close(stream)
823d07b3

Christian Herdtweck authored
2016-05-12 18:03:36 +0200
Browse Code »
fix issues found by pylint: non-existing or unused variables and imports; whitespace
754ae5d9

Christian Herdtweck authored
2016-05-12 15:14:57 +0200
Browse Code »
wrap long lines
55b75d0c

Christian Herdtweck authored
2016-05-12 14:57:53 +0200
Browse Code »
created PptParser.read_vba_storage for uncompressed data storages
e07a649f

Christian Herdtweck authored
2016-05-12 14:37:43 +0200
Browse Code »
tweaked logging (lots of info-->debug, some removed; added some comments
a60d9f3e

Christian Herdtweck authored
2016-05-12 14:37:11 +0200
Browse Code »
update todo and other comments about PowerPoint 97-2003
42fbc3ee

Christian Herdtweck authored
2016-05-12 13:17:57 +0200
Browse Code »
continue integration of ppt into olevba: works now!
b21c1465

Christian Herdtweck authored
2016-05-12 11:59:35 +0200
Browse Code »
update to testing code
44737a1c

Christian Herdtweck authored
2016-05-12 11:52:22 +0200
Browse Code »
one more log message; add logger name to log output ...
dbeeae0d
```
(to easily see where log output comes from if ppt_parser is used from olevba)
```
Christian Herdtweck authored
2016-05-12 11:52:13 +0200
Browse Code »
renamed ExternalObjectStorage.compressed --> is_compressed
294e661c

Christian Herdtweck authored
2016-05-12 11:51:01 +0200
Browse Code »
add enable_logging, import logging from olefile
ae568171

Christian Herdtweck authored
2016-05-12 11:49:36 +0200
Browse Code »
start integrating ppt_parser into olevba
14dcbdca

Christian Herdtweck authored
2016-05-12 09:11:02 +0200
Browse Code »

11 May, 2016

1 commit

managed to extract vba stream from ppt by byte-search for ExternalObjectStorage ...
05a27a43
```
Qapla'
```
Christian Herdtweck authored
2016-05-11 17:57:35 +0200
Browse Code »

10 May, 2016

4 commits

successfully found and parsed VBAInfoContainer+Atom but still no VBA code...
8ee20161

Christian Herdtweck authored
2016-05-10 12:56:47 +0200
Browse Code »
start looking for vba a different way: search for record header of VBAInfoAtom/Container
0a8eace5

Christian Herdtweck authored
2016-05-10 12:28:49 +0200
Browse Code »
bugfixing but failed to correctly parse DocumentContainer :-(
27e0a1c8

Christian Herdtweck authored
2016-05-10 12:28:02 +0200
Browse Code »
made CurrentUserAtom a PptType -- streamlined last remaining class (currently)
87a69ade

Christian Herdtweck authored
2016-05-10 09:37:35 +0200
Browse Code »

07 May, 2016

1 commit

rtfobj: sanitize filenames to avoid special characters
455c85b4

Philippe Lagadec authored
2016-05-07 18:06:10 +0200
Browse Code »

06 May, 2016

3 commits

rtfobj: added option -d to set the output directory (contribution by Thomas Jarosch)
209688eb

Philippe Lagadec authored
2016-05-06 23:13:10 +0200
Browse Code »
started vba types
62c927a8

Christian Herdtweck authored
2016-05-06 18:33:07 +0200
Browse Code »
added base type PptType, parse all of persist dir (not just first), added DummyT… ...
63dafd09
```
…ype and DocumentContainer

also ran through pylint

rather non-atomic, sorry
```
Christian Herdtweck authored
2016-05-06 17:48:01 +0200
Browse Code »

04 May, 2016

3 commits

olefile: fixed slight bug in OleStream
31ce789a

Philippe Lagadec authored
2016-05-04 23:42:17 +0200
Browse Code »
continue with UserEditAtom
dd5ee6df

Christian Herdtweck authored
2016-05-04 16:01:23 +0200
Browse Code »
Started ppt_parser with PptParser, CurrentUserAtom
8ae664a2

Christian Herdtweck authored
2016-05-04 15:01:21 +0200
Browse Code »

30 Apr, 2016

3 commits

updated readme
959bc8d1

Philippe Lagadec authored
2016-04-30 07:13:02 +0200
Browse Code »
olevba: updated suspicious keywords
da46fb84

Philippe Lagadec authored
2016-04-30 07:12:40 +0200
Browse Code »
olefile: updated to v0.44 (better handling of malformed/incomplete OLE files)
ed936e16

Philippe Lagadec authored
2016-04-30 07:12:01 +0200
Browse Code »

28 Apr, 2016

8 commits

do not log error if in json mode -- error info is in json-output and return code
b0033e5f

Christian Herdtweck authored
2016-04-28 18:15:20 +0200
Browse Code »

limit logging output from open_... and process_file_... functions to info and debug ...

40c14afb

no need to do error/exception output here since an error is raised anyway
if opening/processing failed and otherwise the error is not so bad (e.g.
one opening attempt failed but next succeeds for same file)

--> main or other caller can better control the output (e.g. for json/triage mode)

Added a few debug-traces

authored

2016-04-28 18:03:32 +0200

Browse Code »

add n_processed=count to last json meta entry, try to set the is_last apart from json fields
3463905d

Christian Herdtweck authored
2016-04-28 17:21:59 +0200
Browse Code »

iterative json printing: print json data for each file; ...

4c1151ea

re-use old debug-function print_json for proper purpose now

copied from commits 99d5d56d65ee624022f8f9f5577f680f9f386660 and
ccb7870314db6fbf1b9104606888ba67ab535a32 from different branch
and even improved on them (no dict() necessary in print_json args

authored

2016-04-28 17:12:37 +0200

Browse Code »

add errors in main to json_results
82503a9e

Christian Herdtweck authored
2016-04-28 16:44:24 +0200
Browse Code »
deal with 2 errors that appeared in first tests (and corrected an indentation)
749e9ebc

Christian Herdtweck authored
2016-04-28 16:44:01 +0200
Browse Code »
in xglob, if found error, do not try to continue with that file
cbd3f779

Christian Herdtweck authored
2016-04-28 16:42:38 +0200
Browse Code »
just realized that log.exception = log.error(..., exc_info=True) ...
1e024147
```
--> fixed 2 logs from outside of error handlers and
    2 instances were trace is only wanted at debug level
```
Christian Herdtweck authored
2016-04-28 15:20:29 +0200
Browse Code »