def dump(self):
file = open(self.filepath, 'rb')
strm = pptstream.PPTFile(file.read(), self.params)
file.close()
strm.printStreamInfo()
strm.printHeader()
strm.printDirectory()
dirnames = strm.getDirectoryNames()
result = True
for dirname in dirnames:
if len(dirname) == 0 or dirname == 'Root Entry':
continue
dirstrm = strm.getDirectoryStreamByName(dirname)
self.__printDirHeader(dirname, len(dirstrm.bytes))
if dirname == "PowerPoint Document":
if not self.__readSubStream(dirstrm):
result = False
elif dirname == "Current User":
if not self.__readSubStream(dirstrm):
result = False
elif dirname == "\x05DocumentSummaryInformation":
strm = olestream.PropertySetStream(dirstrm.bytes)
strm.read()
else:
globals.dumpBytes(dirstrm.bytes, 512)
return result
def read (self):
globals.outputln("moniker size: %d"%(len(self.strm.bytes)-16))
clsID = self.strm.readBytes(16)
globals.outputln("CLS ID: %s"%globals.getRawBytes(clsID, True, False))
globals.outputln("stream data (implemention specific):")
globals.dumpBytes(self.strm.readRemainingBytes())
globals.outputln("")
def read (self):
print ("moniker size: %d"%(len(self.strm.bytes)-16))
clsID = self.strm.readBytes(16)
print ("CLS ID: %s"%globals.getRawBytes(clsID, True, False))
print ("stream data (implemention specific):")
globals.dumpBytes(self.strm.readRemainingBytes())
print ("")
def readSet (self, setOffset):
print ("-----------------------------")
print ("Property set")
print ("-----------------------------")
size = self.strm.readUnsignedInt(4)
print ("size: 0x%4.4X"%size)
props = self.strm.readUnsignedInt(4)
print ("number of properties: 0x%4.4X"%props)
pos = 0
while pos < props:
self.strm.setCurrentPos(setOffset + 8 + pos*8);
id = self.strm.readUnsignedInt(4)
offset = self.strm.readUnsignedInt(4)
print ("ID: 0x%4.4X offset: 0x%4.4X"%(id, offset))
self.strm.setCurrentPos(setOffset + offset);
type = self.strm.readUnsignedInt(2)
padding = self.strm.readUnsignedInt(2)
if padding != 0:
raise PropertySetStreamError()
print ("type: 0x%4.4X"%type)
if type == 2:
value = self.strm.readSignedInt(2)
print ("VT_I2: %d"%value)
elif type == 0x41:
blobSize = self.strm.readUnsignedInt(4)
print ("VT_BLOB size: 0x%4.4X"%blobSize)
print ("------------------------------------------------------------------------")
globals.dumpBytes(self.strm.bytes[self.strm.pos:self.strm.pos+blobSize], blobSize)
print ("------------------------------------------------------------------------")
else:
print ("unknown type")
pos += 1
print ("")
def readSet (self, setOffset):
globals.outputln("-----------------------------")
globals.outputln("Property set")
globals.outputln("-----------------------------")
size = self.strm.readUnsignedInt(4)
globals.outputln("size: 0x%4.4X"%size)
props = self.strm.readUnsignedInt(4)
globals.outputln("number of properties: 0x%4.4X"%props)
pos = 0
while pos < props:
self.strm.setCurrentPos(setOffset + 8 + pos*8);
id = self.strm.readUnsignedInt(4)
offset = self.strm.readUnsignedInt(4)
globals.outputln("ID: 0x%4.4X offset: 0x%4.4X"%(id, offset))
self.strm.setCurrentPos(setOffset + offset);
type = self.strm.readUnsignedInt(2)
padding = self.strm.readUnsignedInt(2)
if padding != 0:
raise PropertySetStreamError()
globals.outputln("type: 0x%4.4X"%type)
if type == 2:
value = self.strm.readSignedInt(2)
globals.outputln("VT_I2: %d"%value)
elif type == 0x41:
blobSize = self.strm.readUnsignedInt(4)
globals.outputln("VT_BLOB size: 0x%4.4X"%blobSize)
globals.outputln("------------------------------------------------------------------------")
globals.dumpBytes(self.strm.bytes[self.strm.pos:self.strm.pos+blobSize], blobSize)
globals.outputln("------------------------------------------------------------------------")
else:
globals.outputln("unknown type")
pos += 1
globals.outputln("")
def dump (self):
file = open(self.filepath, 'rb')
strmData = globals.StreamData()
strm = xlsstream.XLStream(file.read(), self.params, strmData)
file.close()
strm.printStreamInfo()
strm.printHeader()
strm.printMSAT()
strm.printSAT()
strm.printSSAT()
strm.printDirectory()
dirnames = strm.getDirectoryNames()
for dirname in dirnames:
if len(dirname) == 0 or dirname == 'Root Entry':
continue
dirstrm = strm.getDirectoryStreamByName(dirname)
self.__printDirHeader(dirname, len(dirstrm.bytes))
if dirname == "Workbook":
success = True
while success:
success = self.__readSubStream(dirstrm)
elif dirname == "Revision Log":
dirstrm.type = xlsstream.DirType.RevisionLog
self.__readSubStream(dirstrm)
elif dirname == '_SX_DB_CUR':
dirstrm.type = xlsstream.DirType.PivotTableCache
self.__readSubStream(dirstrm)
elif strmData.isPivotCacheStream(dirname):
dirstrm.type = xlsstream.DirType.PivotTableCache
self.__readSubStream(dirstrm)
else:
globals.dumpBytes(dirstrm.bytes, 512)
def dump(self):
self.__parseFile()
self.strm.printStreamInfo()
self.strm.printHeader()
self.strm.printMSAT()
self.strm.printSAT()
self.strm.printSSAT()
self.strm.printDirectory()
dirEntries = self.strm.getDirectoryEntries()
for entry in dirEntries:
dirname = entry.Name
if len(dirname) == 0:
continue
dirstrm = self.strm.getDirectoryStream(entry)
self.__printDirHeader(entry, len(dirstrm.bytes))
if entry.isStorage():
continue
elif dirname == "Workbook":
success = True
while success:
success = self.__readSubStream(dirstrm)
elif dirname == "Revision Log":
dirstrm.type = xlsstream.DirType.RevisionLog
self.__readSubStream(dirstrm)
elif dirname == "EncryptionInfo":
globals.dumpBytes(dirstrm.bytes, 512)
print("-" * globals.OutputWidth)
info = msocrypto.EncryptionInfo(dirstrm.bytes)
info.read()
info.output()
elif self.strmData.isPivotCacheStream(dirname):
dirstrm.type = xlsstream.DirType.PivotTableCache
self.__readSubStream(dirstrm)
elif isOleStream(dirname):
self.__readOleStream(dirstrm)
elif isCompObjStream(dirname):
self.__readCompObjStream(dirstrm)
else:
globals.dumpBytes(dirstrm.bytes, 512)
def dump (self):
self.__parseFile()
self.strm.printStreamInfo()
self.strm.printHeader()
self.strm.printMSAT()
self.strm.printSAT()
self.strm.printSSAT()
self.strm.printDirectory()
dirEntries = self.strm.getDirectoryEntries()
for entry in dirEntries:
dirname = entry.Name
if len(dirname) == 0:
continue
dirstrm = self.strm.getDirectoryStream(entry)
self.__printDirHeader(entry, len(dirstrm.bytes))
if entry.isStorage():
continue
elif dirname == "Workbook":
success = True
while success:
success = self.__readSubStream(dirstrm)
elif dirname == "Revision Log":
dirstrm.type = xlsstream.DirType.RevisionLog
self.__readSubStream(dirstrm)
elif dirname == "EncryptionInfo":
globals.dumpBytes(dirstrm.bytes, 512)
print("-"*globals.OutputWidth)
info = msocrypto.EncryptionInfo(dirstrm.bytes)
info.read()
info.output()
elif self.strmData.isPivotCacheStream(dirname):
dirstrm.type = xlsstream.DirType.PivotTableCache
self.__readSubStream(dirstrm)
elif isOleStream(dirname):
self.__readOleStream(dirstrm)
elif isCompObjStream(dirname):
self.__readCompObjStream(dirstrm)
else:
globals.dumpBytes(dirstrm.bytes, 512)
def output(self, debug=False):
print("")
print("=" * 68)
print("Directory")
if debug:
print("-" * 68)
print("sector(s) used:")
for secID in self.sectorIDs:
print(" sector %d" % secID)
print("")
for secID in self.sectorIDs:
print("-" * 68)
print(" Raw Hex Dump (sector %d)" % secID)
print("-" * 68)
pos = globals.getSectorPos(secID, self.sectorSize)
globals.dumpBytes(self.bytes[pos : pos + self.sectorSize], 128)
for entry in self.entries:
self.__outputEntry(entry, debug)
def output(self, debug=False):
print('')
print("=" * globals.OutputWidth)
print("Directory")
if debug:
print("-" * globals.OutputWidth)
print("sector(s) used:")
for secID in self.sectorIDs:
print(" sector %d" % secID)
print("")
for secID in self.sectorIDs:
print("-" * globals.OutputWidth)
print(" Raw Hex Dump (sector %d)" % secID)
print("-" * globals.OutputWidth)
pos = globals.getSectorPos(secID, self.sectorSize)
globals.dumpBytes(self.bytes[pos:pos + self.sectorSize], 128)
for entry in self.entries:
self.__outputEntry(entry, debug)
def dump (self):
file = open(self.filepath, 'rb')
strm = pptstream.PPTFile(file.read(), self.params)
file.close()
strm.printStreamInfo()
strm.printHeader()
strm.printDirectory()
dirnames = strm.getDirectoryNames()
result = True
for dirname in dirnames:
if len(dirname) == 0 or dirname == 'Root Entry':
continue
dirstrm = strm.getDirectoryStreamByName(dirname)
self.__printDirHeader(dirname, len(dirstrm.bytes))
if dirname == "PowerPoint Document":
if not self.__readSubStream(dirstrm):
result = False
elif dirname == "Current User":
if not self.__readSubStream(dirstrm):
result = False
else:
globals.dumpBytes(dirstrm.bytes, 512)
return result
def output(self):
def printRawBytes(bytes):
for b in bytes:
output("%2.2X " % ord(b))
output("\n")
def printSep(c, w, prefix=''):
print(prefix + c * w)
printSep('=', globals.OutputWidth)
print("Compound Document Header")
printSep('-', globals.OutputWidth)
if self.params.debug:
globals.dumpBytes(self.bytes[0:512])
printSep('-', globals.OutputWidth)
# document ID and unique ID
output("Document ID: ")
printRawBytes(self.docId)
output("Unique ID: ")
printRawBytes(self.uId)
# revision and version
print("Revision: %d Version: %d" % (self.revision, self.version))
# byte order
output("Byte order: ")
if self.byteOrder == ByteOrder.LittleEndian:
print("little endian")
elif self.byteOrder == ByteOrder.BigEndian:
print("big endian")
else:
print("unknown")
# sector size (usually 512 bytes)
print("Sector size: %d (%d)" % (2**self.secSize, self.secSize))
# short sector size (usually 64 bytes)
print("Short sector size: %d (%d)" %
(2**self.secSizeShort, self.secSizeShort))
# total number of sectors in SAT (equals the number of sector IDs
# stored in the MSAT).
print("Total number of sectors used in SAT: %d" % self.numSecSAT)
print("Sector ID of the first sector of the directory stream: %d" %
self.__secIDFirstDirStrm)
print("Minimum stream size: %d" % self.minStreamSize)
if self.__secIDFirstSSAT == -2:
print("Sector ID of the first SSAT sector: [none]")
else:
print("Sector ID of the first SSAT sector: %d" %
self.__secIDFirstSSAT)
print("Total number of sectors used in SSAT: %d" % self.numSecSSAT)
if self.__secIDFirstMSAT == -2:
# There is no more sector ID stored outside the header.
print("Sector ID of the first MSAT sector: [end of chain]")
else:
# There is more sector IDs than 109 IDs stored in the header.
print("Sector ID of the first MSAT sector: %d" %
(self.__secIDFirstMSAT))
print("Total number of sectors used to store additional MSAT: %d" %
self.numSecMSAT)
def output(self):
def printRawBytes(bytes):
for b in bytes:
output("%2.2X " % ord(b))
output("\n")
def printSep(c="-", w=68, prefix=""):
print(prefix + c * w)
printSep("=", 68)
print("Compound Document Header")
printSep("-", 68)
if self.params.debug:
globals.dumpBytes(self.bytes[0:512])
printSep("-", 68)
# document ID and unique ID
output("Document ID: ")
printRawBytes(self.docId)
output("Unique ID: ")
printRawBytes(self.uId)
# revision and version
print("Revision: %d Version: %d" % (self.revision, self.version))
# byte order
output("Byte order: ")
if self.byteOrder == ByteOrder.LittleEndian:
print("little endian")
elif self.byteOrder == ByteOrder.BigEndian:
print("big endian")
else:
print("unknown")
# sector size (usually 512 bytes)
print("Sector size: %d (%d)" % (2 ** self.secSize, self.secSize))
# short sector size (usually 64 bytes)
print("Short sector size: %d (%d)" % (2 ** self.secSizeShort, self.secSizeShort))
# total number of sectors in SAT (equals the number of sector IDs
# stored in the MSAT).
print("Total number of sectors used in SAT: %d" % self.numSecSAT)
print("Sector ID of the first sector of the directory stream: %d" % self.__secIDFirstDirStrm)
print("Minimum stream size: %d" % self.minStreamSize)
if self.__secIDFirstSSAT == -2:
print("Sector ID of the first SSAT sector: [none]")
else:
print("Sector ID of the first SSAT sector: %d" % self.__secIDFirstSSAT)
print("Total number of sectors used in SSAT: %d" % self.numSecSSAT)
if self.__secIDFirstMSAT == -2:
# There is no more sector ID stored outside the header.
print("Sector ID of the first MSAT sector: [end of chain]")
else:
# There is more sector IDs than 109 IDs stored in the header.
print("Sector ID of the first MSAT sector: %d" % (self.__secIDFirstMSAT))
print("Total number of sectors used to store additional MSAT: %d" % self.numSecMSAT)
def __outputEntry(self, entry, debug):
print("-" * 68)
if len(entry.Name) > 0:
name = entry.Name
if ord(name[0]) <= 5:
name = "<%2.2Xh>%s" % (ord(name[0]), name[1:])
print("name: %s (name buffer size: %d bytes)" % (name, entry.CharBufferSize))
else:
print("name: [empty] (name buffer size: %d bytes)" % entry.CharBufferSize)
if self.params.debug:
print("-" * 68)
globals.dumpBytes(entry.bytes)
print("-" * 68)
output("type: ")
if entry.Type == Directory.Type.Empty:
print("empty")
elif entry.Type == Directory.Type.LockBytes:
print("lock bytes")
elif entry.Type == Directory.Type.Property:
print("property")
elif entry.Type == Directory.Type.RootStorage:
print("root storage")
elif entry.Type == Directory.Type.UserStorage:
print("user storage")
elif entry.Type == Directory.Type.UserStream:
print("user stream")
else:
print("[unknown type]")
output("node color: ")
if entry.NodeColor == Directory.NodeColor.Red:
print("red")
elif entry.NodeColor == Directory.NodeColor.Black:
print("black")
elif entry.NodeColor == Directory.NodeColor.Unknown:
print("[unknown color]")
print(
"linked dir entries: left: %d; right: %d; root: %d" % (entry.DirIDLeft, entry.DirIDRight, entry.DirIDRoot)
)
self.__outputRaw("unique ID", entry.UniqueID)
self.__outputRaw("user flags", entry.UserFlags)
self.__outputRaw("time created", entry.TimeCreated)
self.__outputRaw("time last modified", entry.TimeModified)
output("stream info: ")
if entry.StreamSectorID < 0:
print("[empty stream]")
else:
strmLoc = "SAT"
if entry.StreamLocation == StreamLocation.SSAT:
strmLoc = "SSAT"
print("(first sector ID: %d; size: %d; location: %s)" % (entry.StreamSectorID, entry.StreamSize, strmLoc))
satObj = None
secSize = 0
if entry.StreamLocation == StreamLocation.SAT:
satObj = self.SAT
secSize = self.header.getSectorSize()
elif entry.StreamLocation == StreamLocation.SSAT:
satObj = self.SSAT
secSize = self.header.getShortSectorSize()
if satObj != None:
chain = satObj.getSectorIDChain(entry.StreamSectorID)
print("sector count: %d" % len(chain))
print("total sector size: %d" % (len(chain) * secSize))
if self.params.showSectorChain:
self.__outputSectorChain(chain)
def outputRawBytes(self):
bytes = ""
for secID in self.sectorIDs:
pos = 512 + secID * self.sectorSize
bytes += self.bytes[pos : pos + self.sectorSize]
globals.dumpBytes(bytes, 512)
def __outputEntry(self, entry, debug):
print("-" * globals.OutputWidth)
if len(entry.Name) > 0:
name = entry.Name
if ord(name[0]) <= 5:
name = "<%2.2Xh>%s" % (ord(name[0]), name[1:])
print("name: %s (name buffer size: %d bytes)" %
(name, entry.CharBufferSize))
else:
print("name: [empty] (name buffer size: %d bytes)" %
entry.CharBufferSize)
if self.params.debug:
print("-" * globals.OutputWidth)
globals.dumpBytes(entry.bytes)
print("-" * globals.OutputWidth)
output("type: ")
if entry.Type == Directory.Type.Empty:
print("empty")
elif entry.Type == Directory.Type.LockBytes:
print("lock bytes")
elif entry.Type == Directory.Type.Property:
print("property")
elif entry.Type == Directory.Type.RootStorage:
print("root storage")
elif entry.Type == Directory.Type.UserStorage:
print("user storage")
elif entry.Type == Directory.Type.UserStream:
print("user stream")
else:
print("[unknown type]")
output("node color: ")
if entry.NodeColor == Directory.NodeColor.Red:
print("red")
elif entry.NodeColor == Directory.NodeColor.Black:
print("black")
elif entry.NodeColor == Directory.NodeColor.Unknown:
print("[unknown color]")
print("linked dir entries: left: %d; right: %d; root: %d" %
(entry.DirIDLeft, entry.DirIDRight, entry.DirIDRoot))
self.__outputRaw("unique ID", entry.UniqueID)
self.__outputRaw("user flags", entry.UserFlags)
self.__outputRaw("time created", entry.TimeCreated)
self.__outputRaw("time last modified", entry.TimeModified)
output("stream info: ")
if entry.StreamSectorID < 0 or entry.StreamSize == 0:
print("[empty stream]")
else:
strmLoc = "SAT"
if entry.StreamLocation == StreamLocation.SSAT:
strmLoc = "SSAT"
print("(first sector ID: %d; size: %d; location: %s)" %
(entry.StreamSectorID, entry.StreamSize, strmLoc))
satObj = None
secSize = 0
if entry.StreamLocation == StreamLocation.SAT:
satObj = self.SAT
secSize = self.header.getSectorSize()
elif entry.StreamLocation == StreamLocation.SSAT:
satObj = self.SSAT
secSize = self.header.getShortSectorSize()
if satObj != None:
chain = satObj.getSectorIDChain(entry.StreamSectorID)
print("sector count: %d" % len(chain))
print("total sector size: %d" % (len(chain) * secSize))
if self.params.showSectorChain:
self.__outputSectorChain(chain)
def outputRawBytes(self):
bytes = ""
for secID in self.sectorIDs:
pos = 512 + secID * self.sectorSize
bytes += self.bytes[pos:pos + self.sectorSize]
globals.dumpBytes(bytes, 512)
