Script to automatically extract the IDL from the installation folder.

 

Auditing an application is a mixture of source code analysis and binary analysis. When you are auditing a new application, it is good to know the COM interfaces in the application. I extract the MSI/zip files into a folder and run a script to extract all the IDL information. For a long time I was searching for a command-line version of oleview to extract this information. Finally I got a tool (oleWoo) to extract it. I am attaching the script that extracts this information.

You have to run this script with two arguments.

e.g., oledump.py installation_folder_path output_folder_path

 

Code

import sys
import os
import subprocess

# File types the script skips instead of handing them to the dumper.
SKIP_EXTENSIONS = {
    ".txt", ".msi", ".lex", ".gif", ".otf", ".html", ".htm", ".png", ".css",
    ".js", ".cer", ".xml", ".pmp", ".pdf", ".chm", ".dmg", ".inf", ".sys", ".cat",
}

def usage():
    print("Usage: %s directoryname idlrootdirectory" % sys.argv[0])

def mkdirs(newdir):
    """ Create a directory and all parent folders.
        Features:
        - parent directories will be created
        - if directory already exists, then do nothing
        - if there is another filesystem object with the same name, raise an exception
    """
    if os.path.isdir(newdir):
        pass
    elif os.path.isfile(newdir):
        raise OSError("cannot create directory, file already exists: '%s'" % newdir)
    else:
        head, tail = os.path.split(newdir)
        if head and not os.path.isdir(head):
            mkdirs(head)
        if tail:
            os.mkdir(newdir)

# Both arguments are required, and neither may be an existing file.
if len(sys.argv) < 3 or os.path.isfile(sys.argv[1]) or os.path.isfile(sys.argv[2]):
    usage()
    sys.exit()

src_root = sys.argv[1]
idl_root = sys.argv[2]

fileList = []
for root, subFolders, files in os.walk(src_root):
    for name in files:
        fileList.append(os.path.join(root, name))

for path in fileList:
    # Compare extensions case-insensitively (".TXT" is skipped like ".txt").
    fileExt = os.path.splitext(path)[-1].lower()
    if fileExt in SKIP_EXTENSIONS:
        continue

    # Mirror the source tree under the output folder, appending ".idl".
    Newfilepath = os.path.join(idl_root, os.path.relpath(path, src_root) + ".idl")
    mkdirs(os.path.dirname(Newfilepath))
    # 'oledump' is the command this script invokes; it must be on PATH.
    # Passing a list (no shell) keeps file names with spaces or metacharacters intact.
    command_and_param = ['oledump', path]
    process = subprocess.Popen(command_and_param, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    (stdoutdata, stderrdata) = process.communicate()

    if stderrdata:
        # Files without a type library are expected; report any other error.
        if b"is not a loadable typelibrary." not in stderrdata:
            print("Error. Look into this file %s" % path)
    else:
        with open(Newfilepath, 'wb') as f:
            f.write(stdoutdata)

print("Done.")
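
The extracted .idl files can then be summarised into an inventory of the COM interfaces and coclasses the application ships. The following is an added example, not part of the original post: it parses IDL text and lists each library, interface, dispinterface and coclass with its UUID and bare attributes. The sample IDL, its names and GUIDs are constructed, and the OleView/MIDL-style layout of the dumper's output is an assumption.

```python
import re

# Constructed sample (OleView/MIDL-style layout assumed); names and GUIDs are made up.
SAMPLE_IDL = r'''
[
  uuid(11111111-1111-1111-1111-111111111111),
  helpstring("Demo [type] library, v1")
]
library DemoLib
{
    [
      odl,
      uuid(22222222-2222-2222-2222-222222222222),
      dual,
      oleautomation
    ]
    interface IDemo : IDispatch {
        [id(0x60020000)] HRESULT Run([in] BSTR path);
    };
    [ uuid(33333333-3333-3333-3333-333333333333) ]
    coclass Demo {
        [default] interface IDemo;
    };
};
'''

STRING = re.compile(r'"[^"\n]*"')  # blank out literals so their [ ] , are ignored
DECL = re.compile(r"\[(?P<attrs>[^\[\]]*)\]\s*"
                  r"(?P<kind>library|interface|dispinterface|coclass)\s+"
                  r"(?P<name>\w+)(?=\s*[:{])")  # ':' or '{' marks a definition
UUID = re.compile(r"uuid\(\s*([0-9A-Fa-f-]{36})\s*\)")
FLAG = re.compile(r"(?:^|,)\s*(\w+)\s*(?=,|$)")  # bare attributes such as dual
MEMBER = re.compile(r"interface\s+(\w+)\s*;")

def inventory(idl_text):
    """List each library, interface, dispinterface and coclass definition."""
    text, entries = STRING.sub('""', idl_text), []
    for m in DECL.finditer(text):
        uuid = UUID.search(m.group("attrs"))
        entry = {"kind": m.group("kind"), "name": m.group("name"),
                 "uuid": uuid.group(1).upper() if uuid else None,
                 "flags": FLAG.findall(m.group("attrs"))}
        if entry["kind"] == "coclass":  # which interfaces the class exposes
            entry["implements"] = MEMBER.findall(text[m.end():text.find("}", m.end())])
        entries.append(entry)
    return entries

if __name__ == "__main__":
    print(*inventory(SAMPLE_IDL), sep="\n")
```

Calling `inventory()` on the contents of each file under the output folder gives one record per declaration, which can be sorted or filtered by flag (for example `dual` or `oleautomation`) during review.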
