win32: structured storage

tlviewer tlviewerSHRUB at yahooCHENEY.com
Thu May 5 23:30:47 EDT 2005


hello,

In honor of the chm exploit that I got hit by last week, I am trying
to code some ActivePython to list the directory inside a CHM.

CHM is supposed to be structured storage (ITSF). If a given CHM
file is infected it most likely has an embedded EXE file -- mine
had one called [Open.exe].

The following code works for Excel sheets, XLS, but fails for
CHM files.

# begin python
from win32com import storagecon as sc
import pythoncom as pyc
from pywintypes import IID

# CLSID and IID intended for the ITS (CHM) storage object
its_clsid = IID('{5d02926a-212e-11d0-9df9-00a0c922e6ec}')
its_iid = IID('{88cc31de-27ab-11d0-9df9-00a0c922e6ec}')

pyc.CoInitialize()

# commented out after failing on my Win2k box
#pyc.CoCreateInstance(its_clsid, None, pyc.CLSCTX_INPROC_SERVER, its_iid)
m = sc.STGM_READ | sc.STGM_SHARE_EXCLUSIVE

# quarantined CHM virus
fname = "e:/batch/junkx.chm"
#fname = "C:/Documents and Settings/Administrator/My Documents/02_taxes.xls"
pss = pyc.StgOpenStorageEx(fname, m, sc.STGFMT_STORAGE, 0, pyc.IID_IStorage)

# enumerate the storage and print the names of the first two elements
ele = pss.EnumElements(0, None, 0)
obj = next(ele)
print(obj[0])
obj = next(ele)
print(obj[0])
# end python

With the XLS file, I get the names of the two sheets.
Is there another way to parse the central directory out of
a CHM file?

tia,
tlviewer
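
Added example, not part of the original post: one way to answer the closing question without COM is to read the ITSF header, follow it to the ITSP directory, and walk the PMGL listing chunks, which lets a quarantined file be inspected as plain bytes without opening it in the help viewer. It assumes the commonly documented ITSF/ITSP/PMGL layout; the function names and the `EXEC_EXT` extension list are hypothetical choices made for this sketch.

```python
import struct

# Assumed triage list of executable/script extensions (not from the post).
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".hta")

def encint(buf, pos):
    """Decode an ENCINT: big-endian, 7 bits per byte, high bit = more follows."""
    val = 0
    while True:
        byte = buf[pos]              # IndexError if the chunk is truncated
        pos += 1
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            return val, pos

def list_chm(data):
    """Return [(name, section, offset, length)] from the PMGL listing chunks."""
    if len(data) < 0x50 or data[:4] != b"ITSF":
        raise ValueError("not an ITSF (CHM) file")
    (dir_off,) = struct.unpack_from("<Q", data, 0x48)   # header section 1 offset
    if data[dir_off:dir_off + 4] != b"ITSP" or len(data) < dir_off + 0x54:
        raise ValueError("ITSP directory header missing or truncated")
    # ITSP +0x08 header length, +0x10 chunk size, +0x2C number of chunks
    hdr_len, _, chunk_size, n_chunks = struct.unpack_from("<3I24xI", data, dir_off + 8)
    if chunk_size < 0x14:
        raise ValueError("implausible directory chunk size")
    first = dir_off + hdr_len
    # Bound the loop by the file size, not by the untrusted header field.
    n_chunks = min(n_chunks, max(0, len(data) - first) // chunk_size)
    entries = []
    for i in range(n_chunks):
        chunk = data[first + i * chunk_size:first + (i + 1) * chunk_size]
        if chunk[:4] != b"PMGL":     # PMGI index chunks hold no file entries
            continue
        pos, end = 0x14, chunk_size - struct.unpack_from("<I", chunk, 4)[0]
        try:
            while pos < end:
                nlen, pos = encint(chunk, pos)
                name = chunk[pos:pos + nlen].decode("utf-8", "replace")
                pos += nlen
                section, pos = encint(chunk, pos)
                offset, pos = encint(chunk, pos)
                length, pos = encint(chunk, pos)
                entries.append((name, section, offset, length))
        except IndexError:           # malformed entry ran past the chunk
            break
    return entries

def executables(entries):
    return [name for name, *_ in entries if name.lower().endswith(EXEC_EXT)]
```

Read the quarantined file with `open(path, "rb").read()` and pass the bytes to `list_chm`; `executables` then returns the entry names worth a closer look, such as the `/Open.exe` style entry described in the post.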




