Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc-dump.py - no longer displaying document template information #9

Open
re-fox opened this issue Jun 2, 2022 · 0 comments
Open

doc-dump.py - no longer displaying document template information #9

re-fox opened this issue Jun 2, 2022 · 0 comments

Comments

@re-fox
Copy link

re-fox commented Jun 2, 2022

Using a previous version of the tool it was possible to get information on a remote template. New versions result in the following error -> SttbfAssoc::dump() wanted to read beyond the end of the stream

To reproduce:

$ git checkout 953c2e65c059c8542b977d7a42fccf26b0397e66
$ python2 doc-dump.py .9e23a08981ae336068905c771754f7ea26b19d3d978b1bd554a4202a165b3072

...snipped...
<fcSttbfAssoc value="0x3bea" offset="0x19e"/>
<lcbSttbfAssoc value="0x7c" offset="0x1a2">
<sttbfAssoc type="SttbfAssoc" offset="15338" size="124 bytes">
<fExtend value="0xffff"/>
<cData value="0x12"/>
<cbExtra value="0x0"/>
<cchData index="0x0" meaning="Unused. MUST be ignored." offset="15346" size="0 bytes">
<string value=""/>
</cchData>
<cchData index="0x1" meaning="The path of the associated document template (2), if it is not the default Normal template." offset="15348" size="41 bytes">
<string value="https://checklicensekey.com/ebriated.dotm"/>
</cchData>
...snipped...

When using the current version directly from the main branch, an error is tossed.

$ git checkout master
$ python3 doc-dump.py .9e23a08981ae336068905c771754f7ea26b19d3d978b1bd554a4202a165b3072

...snipped...
<fcSttbfAssoc value="0x3bea" offset="0x19e"/>
<lcbSttbfAssoc value="0x7c" offset="0x1a2">
<sttbfAssoc type="SttbfAssoc" offset="15338" size="124 bytes">
<fExtend value="0xffff"/>
<cData value="0x12"/>
<cbExtra value="0x0"/>
<info what="SttbfAssoc::dump() wanted to read beyond the end of the stream"/>
</sttbfAssoc>
...snipped...

A copy of the document is uploaded here (password: infected). Use caution when handling the attachment.
9e23a08981ae336068905c771754f7ea26b19d3d978b1bd554a4202a165b3072.zip
@re-fox re-fox changed the title doc-dumper.py - no longer displaying document template information doc-dump.py - no longer displaying document template information Jun 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@re-fox