Didier Stevens

Wednesday 29 March 2023

Update: myjson-filter.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 19:48

In this update, I add option -W to write items to disk.

Option -W takes a value. Possible values are: vir, hash, hashvir and idvir.

This value determines the filename for each item written to disk.

vir: filename is item name + extension vir
hash: filename is sha256 hash
hashvir: filename is sha256 hash + extension vir
idvir: filename is item id + extension vir

For an example, take a look at my SANS ISC diary entry “Extracting Multiple Streams From OLE Files”.
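The four -W naming rules applied to a set of items, as an added example that is not code from myjson-filter.py. The item layout (id, name, base64 content), the lowercase hex hash, the name sanitizing, the refusal to overwrite and all function names are assumptions of this example.

```python
import base64
import hashlib
import json
import os
import re
import tempfile

# Constructed sample input. The layout (id, name, base64 content) is an
# assumption of this example, not something stated in the post.
SAMPLE = json.dumps({"items": [
    {"id": 1, "name": "Root Entry/Binary.bin",
     "content": base64.b64encode(b"MZ constructed").decode()},
    {"id": 2, "name": "..\\..\\evil",
     "content": base64.b64encode(b"MSCF constructed").decode()},
]})

def safe_component(name):
    """Reduce an untrusted item name to one harmless filename component."""
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")
    return cleaned or "unnamed"

def item_filename(item, mode):
    """Filename for one item under the four -W values listed in the post."""
    data = base64.b64decode(item["content"])
    digest = hashlib.sha256(data).hexdigest()  # lowercase hex: assumption
    if mode == "vir":
        return safe_component(item["name"]) + ".vir"
    if mode == "hash":
        return digest
    if mode == "hashvir":
        return digest + ".vir"
    if mode == "idvir":
        return "%d.vir" % int(item["id"])
    raise ValueError("unknown -W value: %r" % mode)

def write_items(document, mode, directory):
    """Write every item into directory and return the paths written."""
    written = []
    for item in json.loads(document)["items"]:
        path = os.path.join(directory, item_filename(item, mode))
        # 'xb' refuses to overwrite, so two items that map to the same
        # filename raise FileExistsError instead of replacing each other.
        with open(path, "xb") as handle:
            handle.write(base64.b64decode(item["content"]))
        written.append(path)
    return written

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as out:
        print([os.path.basename(p) for p in write_items(SAMPLE, "idvir", out)])
```

Item names come from the analysed document, so the vir mode in this example strips path separators and leading dots before using the name on disk.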

myjson-filter_V0_0_4.zip (http)
SHA256: B8128DC14DC7235710AB4DF9B0B2A55C43FA2035140D5CBCDC09D9079AB6D6DA

Sunday 26 March 2023

Update: python-per-line.py version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 9:16

This is an update to python-per-line.py, my tool to execute a Python expression on each line of a text file.

New options are --regex, --join and --split. And there are new string reversal functions: Reverse and ReverseFind.

More details in the man page.

python-per-line_V0_0_10.zip (http)
MD5: 54BFA2E593A024E3FBAA76757D63847E
SHA256: D12E5FE10F71011C480EA332E0E183AE904024CEBC22128775197481152B9C1E

Friday 24 March 2023

Update: oledump.py Version 0.0.73

Filed under: My Software,Update — Didier Stevens @ 0:00

A small update to plugin_msi_info to provide extra info on streams.

Indicator ! marks PE and CAB files.

Indicator ? marks files that are not images (and are not marked with !).

The idea is to first inspect streams marked with ! and ?.

The plugin also provides an overview of the files contained inside the CAB file.

oledump_V0_0_73.zip (http)
MD5: 0CAFC87E62E5BC069568B78C1CEE720D
SHA256: CA67FCFA1F4C79668C9ED0C791AFA9D5EEF370AD58DDC542E2204A080A58F9A5

Thursday 23 March 2023

Overview of Content Published in February

Filed under: Announcement — Didier Stevens @ 19:19
Here is an overview of content I published in February:

Blog posts:

SANS ISC Diary entries:
