Didier Stevens

Thursday 6 December 2018

Update: oledump.py Version 0.0.39

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of oledump brings several new features.

When option -i is used without selecting a stream, the overview contains the size of the compiled code and of the source code for all modules.

Selecting just the compiled code from a module stream can be done with suffix c: oledump.py -s A4c sample.xlsm.

Suffix s is to be used to select source code only: oledump.py -s A4s sample.xlsm.

A warning is displayed when option -s (selecting) does not result in the selection of a stream.

Option -A does a run-length encoded ASCII dump (cf. -a).

Option -T does a head & tail: it selects the first 10 and last 10 lines of the output.

Ad-hoc YARA rules can now also be hexadecimal (#x#) or regular expression (#r#).

And offsets in a cut expression can now be hexadecimal too (prefix 0x).

oledump_V0_0_39.zip (https)
MD5: 5C9A1D94E1BC857877116E425D80A197
SHA256: DF7FFA0C707C8D66C0E0FBEE583286DBA9970824782C6B7AB6BFDC30A85BB419
