Exemple #1
0
    def dump (self):
        file = open(self.filepath, 'rb')
        strm = pptstream.PPTFile(file.read(), self.params)
        file.close()
        strm.printStreamInfo()
        strm.printHeader()
        strm.printDirectory()
        dirnames = strm.getDirectoryNames()
        result = True
        for dirname in dirnames:
            sdirname = globals.nulltrunc(dirname)
            if len(sdirname) == 0 or sdirname == b"Root Entry":
                continue

            try:
                dirstrm = strm.getDirectoryStreamByName(dirname)
            except Exception as err:
                error("getDirectoryStreamByName(%s): %s\n" % (dirname,str(err)))
                # The previous version was killed by the exception
                # here, so the equivalent is to break, but maybe there
                # is no reason to do so.
                break
            self.__printDirHeader(dirname, len(dirstrm.bytes))
            if  sdirname == b"PowerPoint Document":
                if not self.__readSubStream(dirstrm):
                    result = False
            elif  sdirname == b"Current User":
                if not self.__readSubStream(dirstrm):
                    result = False
            elif  sdirname == b"\x05DocumentSummaryInformation":
                strm = olestream.PropertySetStream(dirstrm.bytes)
                strm.read()
            else:
                globals.dumpBytes(dirstrm.bytes, 512)
        return result
Exemple #2
0
    def dump(self):
        file = open(self.filepath, 'rb')
        strm = pptstream.PPTFile(file.read(), self.params)
        file.close()
        strm.printStreamInfo()
        strm.printHeader()
        strm.printDirectory()
        dirnames = strm.getDirectoryNames()
        result = True
        for dirname in dirnames:
            if len(dirname) == 0 or dirname == 'Root Entry':
                continue

            try:
                dirstrm = strm.getDirectoryStreamByName(dirname)
            except Exception as err:
                error("getDirectoryStreamByName(%s): %s - %s\n" %
                      (dirname, str(err), self.filepath))
                # The previous version was killed by the exception
                # here, so the equivalent is to break, but maybe there
                # is no reason to do so.
                break
            self.__printDirHeader(dirname, len(dirstrm.bytes))
            if dirname == "PowerPoint Document":
                if not self.__readSubStream(dirstrm):
                    result = False
            elif dirname == "Current User":
                if not self.__readSubStream(dirstrm):
                    result = False
            elif dirname == "\x05DocumentSummaryInformation":
                strm = olestream.PropertySetStream(dirstrm.bytes)
                strm.read()
            else:
                globals.dumpBytes(dirstrm.bytes, 512)
        return result
Exemple #3
0
    def dump(self):
        self.vbaRoot = self.findVBARoot()
        if self.vbaRoot == None:
            print("Can't find VBA subcontainer")
            exit(1)
        # need to read the dir stream
        dirName = self.vbaRoot.getHierarchicalName() + "VBA/dir"
        dirNode = self.__findNodeByHierarchicalName(self.vbaRoot, dirName)
        if dirNode != None:
            #decompress
            bytes = dirNode.getStream()
            compressed = vbahelper.CompressedVBAStream(bytes, 0)
            bytes = compressed.decompress()
            reader = DirStreamReader(bytes)
            reader.parse()

            # dump the PROJECTxxx streams ( need to codepage from dir )
            for child in self.vbaRoot.getChildren():
                # first level children are PROJECT, PROJECTwm & PROJECTlk
                if child.isStorage() == False:
                    bytes = child.getStream()
                    print("")
                    print(
                        "============ %s Stream size: 0x%x bytes)============"
                        % (child.getName(), len(bytes)))
                    print("")
                    if child.getName() == "PROJECT":
                        #straight text file
                        print("%s" % bytes.decode(reader.codepageName))
                    else:
                        globals.dumpBytes(bytes, 512)
            for module in reader.Modules:
                fullStreamName = self.vbaRoot.getHierarchicalName(
                ) + "VBA/" + module.streamname
                moduleNode = self.__findNodeByHierarchicalName(
                    self.vbaRoot, fullStreamName)
                bytes = moduleNode.getStream()
                print(
                    "============ %s Stream (inflated) size: 0x%x bytes offset: 0x%x ============"
                    % (module.streamname, len(bytes), module.offset))
                compressed = vbahelper.CompressedVBAStream(
                    bytes, module.offset)
                bytes = compressed.decompress()
                source = bytes.decode(reader.codepageName)
                print("")
                print(source)
                print("")
Exemple #4
0
    def dump (self):
        self.__parseFile()
        self.strm.printStreamInfo()
        self.strm.printHeader()
        self.strm.printMSAT()
        self.strm.printSAT()
        self.strm.printSSAT()
        self.strm.printDirectory()
        dirEntries = self.strm.getDirectoryEntries()
        for entry in dirEntries:
            dirname = entry.Name
            if len(dirname) == 0:
                continue

            dirstrm = self.strm.getDirectoryStream(entry)
            self.__printDirHeader(entry, len(dirstrm.bytes))
            if entry.isStorage():
                continue

            elif dirname == "Workbook":
                success = True
                while success:
                    success = self.__readSubStream(dirstrm)

            elif dirname == "Revision Log":
                dirstrm.type = xlsstream.DirType.RevisionLog
                self.__readSubStream(dirstrm)

            elif dirname == "EncryptionInfo":
                globals.dumpBytes(dirstrm.bytes, 512)
                print("-"*globals.OutputWidth)
                info = msocrypto.EncryptionInfo(dirstrm.bytes)
                info.read()
                info.output()

            elif self.strmData.isPivotCacheStream(dirname):
                dirstrm.type = xlsstream.DirType.PivotTableCache
                self.__readSubStream(dirstrm)
            elif isOleStream(dirname):
                self.__readOleStream(dirstrm)
            elif isCompObjStream(dirname):
                self.__readCompObjStream(dirstrm)
            else:
                globals.dumpBytes(dirstrm.bytes, 512)
Exemple #5
0
    def dump(self):
        self.__parseFile()
        self.strm.printStreamInfo()
        self.strm.printHeader()
        self.strm.printMSAT()
        self.strm.printSAT()
        self.strm.printSSAT()
        self.strm.printDirectory()
        dirEntries = self.strm.getDirectoryEntries()
        for entry in dirEntries:
            dirname = entry.Name
            if len(dirname) == 0:
                continue

            dirstrm = self.strm.getDirectoryStream(entry)
            self.__printDirHeader(entry, len(dirstrm.bytes))
            if entry.isStorage():
                continue

            elif dirname == "Workbook":
                success = True
                while success:
                    success = self.__readSubStream(dirstrm)

            elif dirname == "Revision Log":
                dirstrm.type = xlsstream.DirType.RevisionLog
                self.__readSubStream(dirstrm)

            elif dirname == "EncryptionInfo":
                globals.dumpBytes(dirstrm.bytes, 512)
                print("-" * globals.OutputWidth)
                info = msocrypto.EncryptionInfo(dirstrm.bytes)
                info.read()
                info.output()

            elif self.strmData.isPivotCacheStream(dirname):
                dirstrm.type = xlsstream.DirType.PivotTableCache
                self.__readSubStream(dirstrm)
            elif isOleStream(dirname):
                self.__readOleStream(dirstrm)
            elif isCompObjStream(dirname):
                self.__readCompObjStream(dirstrm)
            else:
                globals.dumpBytes(dirstrm.bytes, 512)
Exemple #6
0
    def dump(self):
        self.vbaRoot = self.findVBARoot()
        if self.vbaRoot == None:
            print ("Can't find VBA subcontainer")
            exit(1)
        # need to read the dir stream
        dirName = self.vbaRoot.getHierarchicalName() + "VBA/dir"
        dirNode = self.__findNodeByHierarchicalName(self.vbaRoot, dirName)
        if dirNode != None:
            # decompress
            bytes = dirNode.getStream()
            compressed = vbahelper.CompressedVBAStream(bytes, 0)
            bytes = compressed.decompress()
            reader = DirStreamReader(bytes)
            reader.parse()

            # dump the PROJECTxxx streams ( need to codepage from dir )
            for child in self.vbaRoot.getChildren():
                # first level children are PROJECT, PROJECTwm & PROJECTlk
                if child.isStorage() == False:
                    bytes = child.getStream()
                    print ("")
                    print ("============ %s Stream size: 0x%x bytes)============" % (child.getName(), len(bytes)))
                    print ("")
                    if child.getName() == "PROJECT":
                        # straight text file
                        print ("%s" % bytes.decode(reader.codepageName))
                    else:
                        globals.dumpBytes(bytes, 512)
            for module in reader.Modules:
                fullStreamName = self.vbaRoot.getHierarchicalName() + "VBA/" + module.streamname
                moduleNode = self.__findNodeByHierarchicalName(self.vbaRoot, fullStreamName)
                bytes = moduleNode.getStream()
                print (
                    "============ %s Stream (inflated) size: 0x%x bytes offset: 0x%x ============"
                    % (module.streamname, len(bytes), module.offset)
                )
                compressed = vbahelper.CompressedVBAStream(bytes, module.offset)
                bytes = compressed.decompress()
                source = bytes.decode(reader.codepageName)
                print ("")
                print (source)
                print ("")