decalage2 / ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

[Errno 2] No such file or directory #84

Open foratnegre opened 4 years ago

foratnegre commented 4 years ago

Trying to analyze an Office Word document gives an error of directory or file not found. But it refers to Excel. I have LibreOffice installed (version 6.3)

The file is analyzed here: https://app.any.run/tasks/47980f8d-f6be-4ec3-bc56-e667fceba9ad

This is the text of the error:

vmonkey 0.08 - https://github.com/decalage2/ViperMonkey
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/ViperMonkey/issues

===============================================================================
FILE: Facturas de noviembre.doc
INFO Starting emulation...
INFO Emulating an Office (VBA) file.
INFO Reading document metadata...
Traceback (most recent call last):
  File "C:\pypy\site-packages\vipermonkey-0.8-py2.7.egg\vipermonkey\vmonkey.py", line 1008, in _process_file
    vm.loaded_excel = load_excel(data)
  File "C:\pypy\site-packages\vipermonkey-0.8-py2.7.egg\vipermonkey\vmonkey.py", line 898, in load_excel
    wb = load_excel_libreoffice(data)
  File "C:\pypy\site-packages\vipermonkey-0.8-py2.7.egg\vipermonkey\vmonkey.py", line 815, in load_excel_libreoffice
    f = open(out_dir, 'wb')
IOError: [Errno 2] No such file or directory: '/tmp/tmp_excel_file_3513880625'
ERROR [Errno 2] No such file or directory: '/tmp/tmp_excel_file_3513880625'

BiteFoo commented 4 years ago

I also have the same issue on Windows 7 x64, Python 2.7.18, and I have already fixed it as shown below:

First, add the tempfile module to vmonkey.py:

# for logging
from core.logger import log
from core.logger import CappedFileHandler
from logging import LogRecord
from logging import FileHandler

# tempfile module; this works on Windows
import tempfile

# mkstemp() returns (fd, path); the path is used below as a prefix
_, tmpdir = tempfile.mkstemp()

Second, replace all "/tmp/tmp_wordfile" with tmpdir+"_"+"tmp_wordfile" as below:

    # bug: Windows can't find the /tmp dir
    # out_dir = "/tmp/tmp_word_file_" + str(random.randrange(0, 10000000000))
    # bugfix: try the tempfile module

    out_dir = tmpdir + "_" + "tmp_word_file_" + str(random.randrange(0, 10000000000))

Finally, everything works :D
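As an added example (not ViperMonkey's code and not part of the thread), the sketch below contrasts the hardcoded `/tmp/...` path seen in the traceback with `tempfile.mkstemp()`, which resolves the platform temp directory and creates the file atomically. The function names `legacy_temp_path`, `try_legacy_write` and `sample_on_disk` are hypothetical.

```python
# Added example, not ViperMonkey code. All function names are hypothetical.
import contextlib
import os
import random
import tempfile


def legacy_temp_path(base="/tmp"):
    """Path built the way the traceback shows: fixed directory + random suffix."""
    return base + "/tmp_excel_file_" + str(random.randrange(0, 10000000000))


def try_legacy_write(data, base):
    """Write via the legacy path; return None on success or the errno raised."""
    path = legacy_temp_path(base)
    try:
        with open(path, "wb") as f:
            f.write(data)
    except (IOError, OSError) as e:
        # A missing base directory (e.g. /tmp on Windows) ends up here: ENOENT
        return e.errno
    os.remove(path)
    return None


@contextlib.contextmanager
def sample_on_disk(data, prefix="tmp_excel_file_"):
    """Write sample bytes to a fresh file in the platform temp directory.

    mkstemp() takes the directory from TMPDIR/TEMP/TMP, creates the file
    with O_EXCL (it never reuses or follows a name that already exists)
    and, on POSIX, with mode 0600. The file is removed when the block exits,
    so documents under analysis do not accumulate on disk.
    """
    fd, path = tempfile.mkstemp(prefix=prefix)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        yield path
    finally:
        if os.path.exists(path):
            os.remove(path)
```
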

decalage2 commented 4 years ago

May be fixed by https://github.com/kirk-sayre-work/ViperMonkey/pull/29