irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
e62a14dafcfc5b5d8fea1babc97fea756f17f76e
docker_file_analysis/data/generated/wiki/tools/oledump.md
T
tobias e62a14dafc Add markdown wiki with 473 pages and zk browser 
Generate interlinked wiki from master inventory: 397 tool pages,
15 workflow pages, 27 recipe pages, 33 category pages, plus index.
All pages use [[wiki-links]] for cross-navigation between tools,
workflows, recipes, and categories (1782 links total).

Install zk for interactive browsing with fzf search, tag filtering,
and backlink discovery. Add 'fhelp wiki' command and Makefile target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 19:50:36 +01:00

35 lines
1.5 KiB
Markdown
Raw Blame History

# oledump.py
> Analyze OLE2 files (Office documents), extract streams and VBA macros
**Category:** [[categories/analyze-documents-microsoft-office|Analyze Documents > Microsoft Office]] | **Tier:** Rich (FOR610) | **Author:** Didier Stevens
**Docs:** [https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office](https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office)
## Usage
```bash
oledump.py document.docm
oledump.py document.docm -s A3 -v
oledump.py document.docm -i
```
## Recipes
- [[recipes/extract-base64-ps-from-vba|Extract Base64 PowerShell from Office Macro]]
- [[recipes/vba-number-string-decode|Decode VBA Number Arrays to Strings]]
- [[recipes/office-full-decode-chain|Full Office Macro Decode Chain]]
## Workflows
- [[workflows/document-analysis-workflow|Malicious Document Analysis]] — Step 2: Structure Analysis
- [[workflows/shellcode-analysis-workflow|Shellcode Analysis]] — Step 2: Extraction
## Related Tools
- [[tools/evilclippy|evilclippy]] — Remove VBA project password protection and manipulate Office
- [[tools/libolecf|libolecf]] — Microsoft Office OLE2 compound documents.
- [[tools/msoffcrypto-crack|msoffcrypto-crack.py]] — Recover the password of an encrypted Microsoft Office docume
- [[tools/msoffcrypto-tool|msoffcrypto-tool]] — Decrypt password-protected Microsoft Office documents (OLE a
- [[tools/msoffice-crypt|msoffice-crypt]] — Encrypt and decrypt OOXML Microsoft Office documents.
## FOR610
**Labs:** 3.3, 3.4, 4.5
**Sections:** 3, 4
#office #vba #macro #ole #didier-stevens
Reference in New Issue View Git Blame Copy Permalink