Add the vba ppt sample to the `find_vba` list in the `test_macros` function.

decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

http://www.decalage.info/python/oletools

Other

2.81k stars 560 forks source link

Add the vba ppt sample to the `find_vba` list in the `test_macros` function. #862

Open kijeong opened 2 weeks ago

kijeong commented 2 weeks ago

This pull request is related to #859 and #723. I made some additional adjustments to the changes from #859. @christian-intra2net, it would be great if you could review it.

The file 'olevba/sample_with_vba.ppt' contains an actual VBA macro.

And in my opinion, the code page should not vary depending on the test machine.

I referred to the following parts:

olefile.py:OleFileIO.getproperties function
- property_id: 1, value: 949
codepages.py:get_codepage_name, CODEPAGE_NAME[949]

christian-intra2net commented 2 weeks ago

You are right, of course, the local system settings should not matter. Unfortunately, I had to make the unpleasant experience that sometimes it does matter, at least for system encoding. Anyway, I checked you code and ran it and this works nicely. Apparently, also on github actions server with US locale this went through. I failed to note down the result I had gotten, that differed from yours. So, I have to assume I made an error and all is fine with the code itself. I suggest to merge this PR

kijeong commented 2 weeks ago

You are right, of course, the local system settings should not matter. Unfortunately, I had to make the unpleasant experience that sometimes it does matter, at least for system encoding. Anyway, I checked you code and ran it and this works nicely. Apparently, also on github actions server with US locale this went through. I failed to note down the result I had gotten, that differed from yours. So, I have to assume I made an error and all is fine with the code itself. I suggest to merge this PR

Thank you for reviewing my pull request and for running the code on your end.

I appreciate your understanding regarding the system encoding variations. As I don't live in a US locale, I've had my fair share of experiences with encoding-related issues,, and I am also sensitive to these problems. It's a relief to know that the code worked fine on the GitHub Actions server with a US locale.

If you encounter any issues again, please feel free to share them with me.

Thanks again for your feedback and support.