def dump(self): file = open(self.filepath, 'rb') strm = pptstream.PPTFile(file.read(), self.params) file.close() strm.printStreamInfo() strm.printHeader() strm.printDirectory() dirnames = strm.getDirectoryNames() result = True for dirname in dirnames: if len(dirname) == 0 or dirname == 'Root Entry': continue dirstrm = strm.getDirectoryStreamByName(dirname) self.__printDirHeader(dirname, len(dirstrm.bytes)) if dirname == "PowerPoint Document": if not self.__readSubStream(dirstrm): result = False elif dirname == "Current User": if not self.__readSubStream(dirstrm): result = False elif dirname == "\x05DocumentSummaryInformation": strm = olestream.PropertySetStream(dirstrm.bytes) strm.read() else: globals.dumpBytes(dirstrm.bytes, 512) return result
def read (self): globals.outputln("moniker size: %d"%(len(self.strm.bytes)-16)) clsID = self.strm.readBytes(16) globals.outputln("CLS ID: %s"%globals.getRawBytes(clsID, True, False)) globals.outputln("stream data (implemention specific):") globals.dumpBytes(self.strm.readRemainingBytes()) globals.outputln("")
def read (self): print ("moniker size: %d"%(len(self.strm.bytes)-16)) clsID = self.strm.readBytes(16) print ("CLS ID: %s"%globals.getRawBytes(clsID, True, False)) print ("stream data (implemention specific):") globals.dumpBytes(self.strm.readRemainingBytes()) print ("")
def readSet (self, setOffset): print ("-----------------------------") print ("Property set") print ("-----------------------------") size = self.strm.readUnsignedInt(4) print ("size: 0x%4.4X"%size) props = self.strm.readUnsignedInt(4) print ("number of properties: 0x%4.4X"%props) pos = 0 while pos < props: self.strm.setCurrentPos(setOffset + 8 + pos*8); id = self.strm.readUnsignedInt(4) offset = self.strm.readUnsignedInt(4) print ("ID: 0x%4.4X offset: 0x%4.4X"%(id, offset)) self.strm.setCurrentPos(setOffset + offset); type = self.strm.readUnsignedInt(2) padding = self.strm.readUnsignedInt(2) if padding != 0: raise PropertySetStreamError() print ("type: 0x%4.4X"%type) if type == 2: value = self.strm.readSignedInt(2) print ("VT_I2: %d"%value) elif type == 0x41: blobSize = self.strm.readUnsignedInt(4) print ("VT_BLOB size: 0x%4.4X"%blobSize) print ("------------------------------------------------------------------------") globals.dumpBytes(self.strm.bytes[self.strm.pos:self.strm.pos+blobSize], blobSize) print ("------------------------------------------------------------------------") else: print ("unknown type") pos += 1 print ("")
def readSet (self, setOffset): globals.outputln("-----------------------------") globals.outputln("Property set") globals.outputln("-----------------------------") size = self.strm.readUnsignedInt(4) globals.outputln("size: 0x%4.4X"%size) props = self.strm.readUnsignedInt(4) globals.outputln("number of properties: 0x%4.4X"%props) pos = 0 while pos < props: self.strm.setCurrentPos(setOffset + 8 + pos*8); id = self.strm.readUnsignedInt(4) offset = self.strm.readUnsignedInt(4) globals.outputln("ID: 0x%4.4X offset: 0x%4.4X"%(id, offset)) self.strm.setCurrentPos(setOffset + offset); type = self.strm.readUnsignedInt(2) padding = self.strm.readUnsignedInt(2) if padding != 0: raise PropertySetStreamError() globals.outputln("type: 0x%4.4X"%type) if type == 2: value = self.strm.readSignedInt(2) globals.outputln("VT_I2: %d"%value) elif type == 0x41: blobSize = self.strm.readUnsignedInt(4) globals.outputln("VT_BLOB size: 0x%4.4X"%blobSize) globals.outputln("------------------------------------------------------------------------") globals.dumpBytes(self.strm.bytes[self.strm.pos:self.strm.pos+blobSize], blobSize) globals.outputln("------------------------------------------------------------------------") else: globals.outputln("unknown type") pos += 1 globals.outputln("")
def dump (self): file = open(self.filepath, 'rb') strmData = globals.StreamData() strm = xlsstream.XLStream(file.read(), self.params, strmData) file.close() strm.printStreamInfo() strm.printHeader() strm.printMSAT() strm.printSAT() strm.printSSAT() strm.printDirectory() dirnames = strm.getDirectoryNames() for dirname in dirnames: if len(dirname) == 0 or dirname == 'Root Entry': continue dirstrm = strm.getDirectoryStreamByName(dirname) self.__printDirHeader(dirname, len(dirstrm.bytes)) if dirname == "Workbook": success = True while success: success = self.__readSubStream(dirstrm) elif dirname == "Revision Log": dirstrm.type = xlsstream.DirType.RevisionLog self.__readSubStream(dirstrm) elif dirname == '_SX_DB_CUR': dirstrm.type = xlsstream.DirType.PivotTableCache self.__readSubStream(dirstrm) elif strmData.isPivotCacheStream(dirname): dirstrm.type = xlsstream.DirType.PivotTableCache self.__readSubStream(dirstrm) else: globals.dumpBytes(dirstrm.bytes, 512)
def dump(self): self.__parseFile() self.strm.printStreamInfo() self.strm.printHeader() self.strm.printMSAT() self.strm.printSAT() self.strm.printSSAT() self.strm.printDirectory() dirEntries = self.strm.getDirectoryEntries() for entry in dirEntries: dirname = entry.Name if len(dirname) == 0: continue dirstrm = self.strm.getDirectoryStream(entry) self.__printDirHeader(entry, len(dirstrm.bytes)) if entry.isStorage(): continue elif dirname == "Workbook": success = True while success: success = self.__readSubStream(dirstrm) elif dirname == "Revision Log": dirstrm.type = xlsstream.DirType.RevisionLog self.__readSubStream(dirstrm) elif dirname == "EncryptionInfo": globals.dumpBytes(dirstrm.bytes, 512) print("-" * globals.OutputWidth) info = msocrypto.EncryptionInfo(dirstrm.bytes) info.read() info.output() elif self.strmData.isPivotCacheStream(dirname): dirstrm.type = xlsstream.DirType.PivotTableCache self.__readSubStream(dirstrm) elif isOleStream(dirname): self.__readOleStream(dirstrm) elif isCompObjStream(dirname): self.__readCompObjStream(dirstrm) else: globals.dumpBytes(dirstrm.bytes, 512)
def dump (self): self.__parseFile() self.strm.printStreamInfo() self.strm.printHeader() self.strm.printMSAT() self.strm.printSAT() self.strm.printSSAT() self.strm.printDirectory() dirEntries = self.strm.getDirectoryEntries() for entry in dirEntries: dirname = entry.Name if len(dirname) == 0: continue dirstrm = self.strm.getDirectoryStream(entry) self.__printDirHeader(entry, len(dirstrm.bytes)) if entry.isStorage(): continue elif dirname == "Workbook": success = True while success: success = self.__readSubStream(dirstrm) elif dirname == "Revision Log": dirstrm.type = xlsstream.DirType.RevisionLog self.__readSubStream(dirstrm) elif dirname == "EncryptionInfo": globals.dumpBytes(dirstrm.bytes, 512) print("-"*globals.OutputWidth) info = msocrypto.EncryptionInfo(dirstrm.bytes) info.read() info.output() elif self.strmData.isPivotCacheStream(dirname): dirstrm.type = xlsstream.DirType.PivotTableCache self.__readSubStream(dirstrm) elif isOleStream(dirname): self.__readOleStream(dirstrm) elif isCompObjStream(dirname): self.__readCompObjStream(dirstrm) else: globals.dumpBytes(dirstrm.bytes, 512)
def output(self, debug=False): print("") print("=" * 68) print("Directory") if debug: print("-" * 68) print("sector(s) used:") for secID in self.sectorIDs: print(" sector %d" % secID) print("") for secID in self.sectorIDs: print("-" * 68) print(" Raw Hex Dump (sector %d)" % secID) print("-" * 68) pos = globals.getSectorPos(secID, self.sectorSize) globals.dumpBytes(self.bytes[pos : pos + self.sectorSize], 128) for entry in self.entries: self.__outputEntry(entry, debug)
def output(self, debug=False): print('') print("=" * globals.OutputWidth) print("Directory") if debug: print("-" * globals.OutputWidth) print("sector(s) used:") for secID in self.sectorIDs: print(" sector %d" % secID) print("") for secID in self.sectorIDs: print("-" * globals.OutputWidth) print(" Raw Hex Dump (sector %d)" % secID) print("-" * globals.OutputWidth) pos = globals.getSectorPos(secID, self.sectorSize) globals.dumpBytes(self.bytes[pos:pos + self.sectorSize], 128) for entry in self.entries: self.__outputEntry(entry, debug)
def dump (self): file = open(self.filepath, 'rb') strm = pptstream.PPTFile(file.read(), self.params) file.close() strm.printStreamInfo() strm.printHeader() strm.printDirectory() dirnames = strm.getDirectoryNames() result = True for dirname in dirnames: if len(dirname) == 0 or dirname == 'Root Entry': continue dirstrm = strm.getDirectoryStreamByName(dirname) self.__printDirHeader(dirname, len(dirstrm.bytes)) if dirname == "PowerPoint Document": if not self.__readSubStream(dirstrm): result = False elif dirname == "Current User": if not self.__readSubStream(dirstrm): result = False else: globals.dumpBytes(dirstrm.bytes, 512) return result
def output(self): def printRawBytes(bytes): for b in bytes: output("%2.2X " % ord(b)) output("\n") def printSep(c, w, prefix=''): print(prefix + c * w) printSep('=', globals.OutputWidth) print("Compound Document Header") printSep('-', globals.OutputWidth) if self.params.debug: globals.dumpBytes(self.bytes[0:512]) printSep('-', globals.OutputWidth) # document ID and unique ID output("Document ID: ") printRawBytes(self.docId) output("Unique ID: ") printRawBytes(self.uId) # revision and version print("Revision: %d Version: %d" % (self.revision, self.version)) # byte order output("Byte order: ") if self.byteOrder == ByteOrder.LittleEndian: print("little endian") elif self.byteOrder == ByteOrder.BigEndian: print("big endian") else: print("unknown") # sector size (usually 512 bytes) print("Sector size: %d (%d)" % (2**self.secSize, self.secSize)) # short sector size (usually 64 bytes) print("Short sector size: %d (%d)" % (2**self.secSizeShort, self.secSizeShort)) # total number of sectors in SAT (equals the number of sector IDs # stored in the MSAT). print("Total number of sectors used in SAT: %d" % self.numSecSAT) print("Sector ID of the first sector of the directory stream: %d" % self.__secIDFirstDirStrm) print("Minimum stream size: %d" % self.minStreamSize) if self.__secIDFirstSSAT == -2: print("Sector ID of the first SSAT sector: [none]") else: print("Sector ID of the first SSAT sector: %d" % self.__secIDFirstSSAT) print("Total number of sectors used in SSAT: %d" % self.numSecSSAT) if self.__secIDFirstMSAT == -2: # There is no more sector ID stored outside the header. print("Sector ID of the first MSAT sector: [end of chain]") else: # There is more sector IDs than 109 IDs stored in the header. print("Sector ID of the first MSAT sector: %d" % (self.__secIDFirstMSAT)) print("Total number of sectors used to store additional MSAT: %d" % self.numSecMSAT)
def output(self): def printRawBytes(bytes): for b in bytes: output("%2.2X " % ord(b)) output("\n") def printSep(c="-", w=68, prefix=""): print(prefix + c * w) printSep("=", 68) print("Compound Document Header") printSep("-", 68) if self.params.debug: globals.dumpBytes(self.bytes[0:512]) printSep("-", 68) # document ID and unique ID output("Document ID: ") printRawBytes(self.docId) output("Unique ID: ") printRawBytes(self.uId) # revision and version print("Revision: %d Version: %d" % (self.revision, self.version)) # byte order output("Byte order: ") if self.byteOrder == ByteOrder.LittleEndian: print("little endian") elif self.byteOrder == ByteOrder.BigEndian: print("big endian") else: print("unknown") # sector size (usually 512 bytes) print("Sector size: %d (%d)" % (2 ** self.secSize, self.secSize)) # short sector size (usually 64 bytes) print("Short sector size: %d (%d)" % (2 ** self.secSizeShort, self.secSizeShort)) # total number of sectors in SAT (equals the number of sector IDs # stored in the MSAT). print("Total number of sectors used in SAT: %d" % self.numSecSAT) print("Sector ID of the first sector of the directory stream: %d" % self.__secIDFirstDirStrm) print("Minimum stream size: %d" % self.minStreamSize) if self.__secIDFirstSSAT == -2: print("Sector ID of the first SSAT sector: [none]") else: print("Sector ID of the first SSAT sector: %d" % self.__secIDFirstSSAT) print("Total number of sectors used in SSAT: %d" % self.numSecSSAT) if self.__secIDFirstMSAT == -2: # There is no more sector ID stored outside the header. print("Sector ID of the first MSAT sector: [end of chain]") else: # There is more sector IDs than 109 IDs stored in the header. print("Sector ID of the first MSAT sector: %d" % (self.__secIDFirstMSAT)) print("Total number of sectors used to store additional MSAT: %d" % self.numSecMSAT)
def __outputEntry(self, entry, debug): print("-" * 68) if len(entry.Name) > 0: name = entry.Name if ord(name[0]) <= 5: name = "<%2.2Xh>%s" % (ord(name[0]), name[1:]) print("name: %s (name buffer size: %d bytes)" % (name, entry.CharBufferSize)) else: print("name: [empty] (name buffer size: %d bytes)" % entry.CharBufferSize) if self.params.debug: print("-" * 68) globals.dumpBytes(entry.bytes) print("-" * 68) output("type: ") if entry.Type == Directory.Type.Empty: print("empty") elif entry.Type == Directory.Type.LockBytes: print("lock bytes") elif entry.Type == Directory.Type.Property: print("property") elif entry.Type == Directory.Type.RootStorage: print("root storage") elif entry.Type == Directory.Type.UserStorage: print("user storage") elif entry.Type == Directory.Type.UserStream: print("user stream") else: print("[unknown type]") output("node color: ") if entry.NodeColor == Directory.NodeColor.Red: print("red") elif entry.NodeColor == Directory.NodeColor.Black: print("black") elif entry.NodeColor == Directory.NodeColor.Unknown: print("[unknown color]") print( "linked dir entries: left: %d; right: %d; root: %d" % (entry.DirIDLeft, entry.DirIDRight, entry.DirIDRoot) ) self.__outputRaw("unique ID", entry.UniqueID) self.__outputRaw("user flags", entry.UserFlags) self.__outputRaw("time created", entry.TimeCreated) self.__outputRaw("time last modified", entry.TimeModified) output("stream info: ") if entry.StreamSectorID < 0: print("[empty stream]") else: strmLoc = "SAT" if entry.StreamLocation == StreamLocation.SSAT: strmLoc = "SSAT" print("(first sector ID: %d; size: %d; location: %s)" % (entry.StreamSectorID, entry.StreamSize, strmLoc)) satObj = None secSize = 0 if entry.StreamLocation == StreamLocation.SAT: satObj = self.SAT secSize = self.header.getSectorSize() elif entry.StreamLocation == StreamLocation.SSAT: satObj = self.SSAT secSize = self.header.getShortSectorSize() if satObj != None: chain = satObj.getSectorIDChain(entry.StreamSectorID) print("sector count: %d" % len(chain)) print("total sector size: %d" % (len(chain) * secSize)) if self.params.showSectorChain: self.__outputSectorChain(chain)
def outputRawBytes(self): bytes = "" for secID in self.sectorIDs: pos = 512 + secID * self.sectorSize bytes += self.bytes[pos : pos + self.sectorSize] globals.dumpBytes(bytes, 512)
def __outputEntry(self, entry, debug): print("-" * globals.OutputWidth) if len(entry.Name) > 0: name = entry.Name if ord(name[0]) <= 5: name = "<%2.2Xh>%s" % (ord(name[0]), name[1:]) print("name: %s (name buffer size: %d bytes)" % (name, entry.CharBufferSize)) else: print("name: [empty] (name buffer size: %d bytes)" % entry.CharBufferSize) if self.params.debug: print("-" * globals.OutputWidth) globals.dumpBytes(entry.bytes) print("-" * globals.OutputWidth) output("type: ") if entry.Type == Directory.Type.Empty: print("empty") elif entry.Type == Directory.Type.LockBytes: print("lock bytes") elif entry.Type == Directory.Type.Property: print("property") elif entry.Type == Directory.Type.RootStorage: print("root storage") elif entry.Type == Directory.Type.UserStorage: print("user storage") elif entry.Type == Directory.Type.UserStream: print("user stream") else: print("[unknown type]") output("node color: ") if entry.NodeColor == Directory.NodeColor.Red: print("red") elif entry.NodeColor == Directory.NodeColor.Black: print("black") elif entry.NodeColor == Directory.NodeColor.Unknown: print("[unknown color]") print("linked dir entries: left: %d; right: %d; root: %d" % (entry.DirIDLeft, entry.DirIDRight, entry.DirIDRoot)) self.__outputRaw("unique ID", entry.UniqueID) self.__outputRaw("user flags", entry.UserFlags) self.__outputRaw("time created", entry.TimeCreated) self.__outputRaw("time last modified", entry.TimeModified) output("stream info: ") if entry.StreamSectorID < 0 or entry.StreamSize == 0: print("[empty stream]") else: strmLoc = "SAT" if entry.StreamLocation == StreamLocation.SSAT: strmLoc = "SSAT" print("(first sector ID: %d; size: %d; location: %s)" % (entry.StreamSectorID, entry.StreamSize, strmLoc)) satObj = None secSize = 0 if entry.StreamLocation == StreamLocation.SAT: satObj = self.SAT secSize = self.header.getSectorSize() elif entry.StreamLocation == StreamLocation.SSAT: satObj = self.SSAT secSize = self.header.getShortSectorSize() if satObj != None: chain = satObj.getSectorIDChain(entry.StreamSectorID) print("sector count: %d" % len(chain)) print("total sector size: %d" % (len(chain) * secSize)) if self.params.showSectorChain: self.__outputSectorChain(chain)
def outputRawBytes(self): bytes = "" for secID in self.sectorIDs: pos = 512 + secID * self.sectorSize bytes += self.bytes[pos:pos + self.sectorSize] globals.dumpBytes(bytes, 512)