christian-intra2net
commented
1 year ago I have just encountered a sample with the same problem and searching for clues found this PR. Reviewed the code here and tested it and everything checks out. Also includes a test sample and adjustments to the other tests, so I'm all in favour of merging this. Just needs a very simple rebase because of another unittest that has been added to master branch in the meantime.
Thanks at @kijeong , excellent work :+1:
decalage2
gjvdkamp
kijeong
Hello @decalage2,
Recently, while analyzing the PowerPoint document containing VBAs, I found that some errors were outputted in the olevba output result.
The error was better revealed by activating the oletools debug option(--loglevel debug).
It was, I think, due to the newly added PROJECTCOMPATVERSION Record on dir Stream. So I added the PROJECTCOMPATVERSION processing code to olevba.py.
If this is okay, I hope it merges.
Tested PowerPoint Application version: Microsoft® PowerPoint® Microsoft 365 MSO(version 2110 build 16.0.14527.20234) 64bit
Refs: 2.3.4.2.1.2 PROJECTCOMPATVERSION Record, https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-ovba/ed5d7ede-5d7d-4645-bba3-ddfd9bdc76ed, Perhaps this was issued in 2021-08-17.
Thank you for your work.😀
Best, Kijeong