decalage2
Strange Project Information Record
Affected tool: olevba
Describe the bug
I am using olevba to simply export VBA scripts to readable files. It worked smooth until now, but since last week the export lost the file extensions.
I found out that there is additional information inside the bytestring. I couldn't find any information in MS docs about this ID. So I have created a workaround to filter these segment.
How To Reproduce the bug Untouched Excel Files (saved in the past) work normal. In the moment I open and save the file without any changes the problem occurs.
Expected behavior A clear and concise description of what you expected to happen.
Console output / Screenshots
Here is my simple workaround to keep it running for the moment.
Version information:
- OS: Windows 10 Enterprise
- OS version: 1909 - 64 bits
- Excel version: O365 Version 2106 (Build 14131.20278)
- Python version: 3.7.6 / 64 bits
- oletools version: 0.58
I have just hit this bug too. To save someone typing out at line 1722
# Temp Fix
id_temp = struct.unpack("<H", dir_stream.read(2))[0]
if id_temp == 0x004A:
size_temp = struct.unpack("<L", dir_stream.read(4))[0]
value_temp = struct.unpack("<L", dir_stream.read(size_temp))[0]
id_temp = struct.unpack("<H", dir_stream.read(2))[0]
# PROJECTLCID Record
# Specifies the VBA project's LCID.
projectlcid_id = id_temp
# projectlcid_id = struct.unpack("<H", dir_stream.read(2))[0]
@decalage2 Can I PR this fix? I know we are not sure why the file format has changed for new saves and what the new bytes represent but it does fix the real problem of losing the file extension information.
Thanks @decalage2 I'm not using the tool for any projects ATM so I can't confirm but good to know.