Update: search-for-compression.py Version 0.0.4
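This article covers the updated version 0.0.4 of the search-for-compression.py tool, which adds support for VBA compression, adds option -t (--type) for selecting the compression type, and introduces the shortcut #p# for predefined rules. 2025-6-3 00:0:0 Author: blog.didierstevens.com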

This tool is still beta.

VBA compression is now supported, besides zlib compression. Option -t (--type) was added so that one can choose the compression type to search for. Possible values are zlib (default) or vba.

And shortcut #p# was added to the yara option, to predefine these rules:

rule attribute_vb_name {
    strings:
        $a = "Attribute VB_Name = "
    condition:
        $a
}

rule dir {
    strings:
        $a = { 01 00 04 }
    condition:
        $a at 0
}

I’ll explain in another blog post how these features can be used to analyze MS Access databases with a VBA project.
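
To make the relation between VBA compression and the two #p# rules concrete, here is an added Python sketch (not code from search-for-compression.py or its author) that decompresses an MS-OVBA compressed container (signature byte 0x01, then chunks with a 16-bit header) and applies the two rules as plain byte checks. The function names, the try-every-offset scan and the sample bytes are assumptions constructed for this illustration.

```python
import struct

def expand_chunk(body: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(body):
        flags, i = body[i], i + 1                   # one flag bit per token, LSB first
        for bit in range(8):
            if i >= len(body):
                break
            if not (flags >> bit) & 1:              # literal token: copy one byte
                out.append(body[i])
                i += 1
                continue
            (token,), i = struct.unpack_from("<H", body, i), i + 2   # copy token
            bits = max((len(out) - 1).bit_length(), 4)   # offset width grows with position
            length = (token & (0xFFFF >> bits)) + 3
            offset = (token >> (16 - bits)) + 1
            if offset > len(out):
                raise ValueError("copy token reaches before chunk start")
            for _ in range(length):                 # byte-wise: source may overlap output
                out.append(out[-offset])
    return bytes(out)

def vba_decompress(data: bytes, start: int = 0) -> bytes:
    if data[start:start + 1] != b"\x01":            # container signature byte
        raise ValueError("missing container signature")
    out, pos = b"", start + 1
    while pos + 2 <= len(data) and (data[pos + 1] >> 4) & 0x7 == 0b011:  # chunk signature
        (header,) = struct.unpack_from("<H", data, pos)
        body = data[pos + 2:pos + (header & 0x0FFF) + 3]
        out += expand_chunk(body) if header & 0x8000 else body   # flag clear: stored raw
        pos += (header & 0x0FFF) + 3
    return out

def predefined_rules(plain: bytes) -> list:         # the post's two #p# rules as byte checks
    return [name for name, ok in (("attribute_vb_name", b"Attribute VB_Name = " in plain),
                                  ("dir", plain.startswith(b"\x01\x00\x04"))) if ok]

def find_vba(blob: bytes):                          # yields (offset, matched rule names)
    for off in range(len(blob) - 2):
        if blob[off] == 0x01 and (blob[off + 2] >> 4) & 0x7 == 0b011:
            try:
                yield off, predefined_rules(vba_decompress(blob, off))
            except (ValueError, struct.error):      # not a valid container at this offset
                pass

# Constructed sample: one compressed chunk holding a tiny module with one copy token
SAMPLE = (b"\x01\x2f\xb0" b"\x00Attribut" b"\x00e VB_Nam" b'\x00e = "M"\r'
          b"\x00\nSub A()" b"\x40\r\nEnd \x00\x30\r" b"\x00\n")
```

`list(find_vba(SAMPLE))` returns `[(0, ['attribute_vb_name'])]`. Offsets whose data fails to decompress are skipped, and offsets that decompress but match neither rule come back with an empty list.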

Source: https://blog.didierstevens.com/2025/06/03/update-search-for-compression-py-version-0-0-4/