win32: structured storage

tlviewer

hello,

In honor of the chm exploit that I got hit by last week, I am trying
to code some ActivePython to list the directory inside a CHM.

CHM is supposed to be structured storage (ITSF). If a given CHM
file is infected it most likely has an embedded EXE file -- mine
had one called [Open.exe].

The following code works for Excel sheets, XLS, but fails for
CHM files.

# begin python
from win32com import storagecon as sc
import os, win32api
import pythoncom as pyc
from pywintypes import IID

# CLSID and IID of ITStorage, the InfoTech storage COM class (itss.dll)
its_clsid = IID('{5d02926a-212e-11d0-9df9-00a0c922e6ec}')
its_iid = IID('{88cc31de-27ab-11d0-9df9-00a0c922e6ec}')
#
pyc.CoInitialize()

# commented out after failing on my Win2k box
#pyc.CoCreateInstance( its_clsid,None,pyc.CLSCTX_INPROC_SERVER, its_iid)
m = sc.STGM_READ | sc.STGM_SHARE_EXCLUSIVE

# quarantined CHM virus
fname = "e:/batch/junkx.chm"
#fname = "C:/Documents and Settings/Administrator/My Documents/02_taxes.xls"
pss = pyc.StgOpenStorageEx( fname, m, sc.STGFMT_STORAGE,0, pyc.IID_IStorage)

# enumerate the top-level elements; item 0 of each STATSTG tuple is the name
ele = pss.EnumElements( 0, None,0)
obj = ele.next()
print obj[0]
obj = ele.next()
print obj[0]
# end python

with the XLS file, I get the names of the two sheets.
Is there another way to parse the central directory out of
a CHM file?

tia,
tlviewer
 
Steve Holden

tlviewer said:
> hello,
>
> In honor of the chm exploit that I got hit by last week, I am trying
> to code some ActivePython to list the directory inside a CHM.

Welcome to the world of the "drive-by download". Now you know why people
are recommending migrating away from IE.

> CHM is supposed to be structured storage (ITSF). If a given CHM
> file is infected it most likely has an embedded EXE file -- mine
> had one called [Open.exe].

Ironic, really, since Microsoft insist that the browser must be
fully-integrated with the operating system I suppose that means we had
better all start using Linux.

regards
Steve
 
Robert Kern

tlviewer said:
> Is there another way to parse the central directory out of
> a CHM file?

google("chmlib python")

--
Robert Kern

"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter
 
Dave Benjamin

Steve said:
> tlviewer said:
>> CHM is supposed to be structured storage (ITSF). If a given CHM
>> file is infected it most likely has an embedded EXE file -- mine
>> had one called [Open.exe].
>
> Ironic, really, since Microsoft insist that the browser must be
> fully-integrated with the operating system I suppose that means we had
> better all start using Linux.

Even more ironically, it would seem that in an effort to kill Netscape they
are killing Windows.
 
Dave Benjamin

Dave said:
> Steve said:
>> tlviewer said:
>>> CHM is supposed to be structured storage (ITSF). If a given CHM
>>> file is infected it most likely has an embedded EXE file -- mine
>>> had one called [Open.exe].
>>
>> Ironic, really, since Microsoft insist that the browser must be
>> fully-integrated with the operating system I suppose that means we had
>> better all start using Linux.
>
> Even more ironically, it would seem that in an effort to kill Netscape they
> are killing Windows.

Or perhaps I'm just restating your point. ;)
 
tlviewer

Robert Kern said:
> google("chmlib python")

Anyone know the calling syntax for the functions?

PythonWin 2.3.2 (#49, Nov 13 2003, 10:34:54) [MSC v.1200 32 bit (Intel)] on win32.
Portions Copyright 1994-2001 Mark Hammond
([email protected]) - see 'Help/About PythonWin' for further copyright information.
Traceback (most recent call last):

I doubt if the build is good ...

regards,
tlviewer
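
For the question in the opening post (listing a CHM's internal directory without the COM storage API), here is an added example; it is not code from any poster or from chmlib. It is Python 3 and walks the ITSF header, the ITSP directory header and the PMGL listing chunks as laid out in the community-written (unofficial) CHM format notes, then flags entries with executable extensions; the function names, `EXEC_EXT` and the `sample_chm()` image are constructed for illustration.

```python
import struct

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".hta")

def encint(buf, pos):
    """Decode an ENCINT (big-endian base-128; high bit set = more bytes)."""
    val = 0
    while pos < len(buf):
        byte, pos = buf[pos], pos + 1
        val = (val << 7) | (byte & 0x7F)
        if byte < 0x80:
            return val, pos
    raise ValueError("truncated directory entry")

def chm_entries(data):
    """Yield (name, section, offset, length) from every PMGL listing chunk."""
    if data[:4] != b"ITSF" or len(data) < 0x58:
        raise ValueError("not an ITSF (CHM) file")
    dir_off, dir_len = struct.unpack_from("<QQ", data, 0x48)   # header section 1
    if data[dir_off:dir_off + 4] != b"ITSP" or len(data) < dir_off + 0x14:
        raise ValueError("ITSP directory header not found")
    hdr_len, _, chunk_size = struct.unpack_from("<III", data, dir_off + 8)
    pos, end = dir_off + hdr_len, min(dir_off + dir_len, len(data))
    while chunk_size >= 0x14 and pos + chunk_size <= end:   # bad size: no chunks
        chunk, pos = data[pos:pos + chunk_size], pos + chunk_size
        if chunk[:4] != b"PMGL":          # PMGI index chunks carry no file entries
            continue
        free = struct.unpack_from("<I", chunk, 4)[0]   # unused tail of the chunk
        body, p = chunk[:max(chunk_size - free, 0x14)], 0x14
        while p < len(body):
            n, p = encint(body, p)
            name, p = body[p:p + n].decode("utf-8", "replace"), p + n
            sect, p = encint(body, p)
            off, p = encint(body, p)
            size, p = encint(body, p)
            yield name, sect, off, size

def suspicious(data):   # entries whose name ends in an executable extension
    return [e for e in chm_entries(data) if e[0].lower().endswith(EXEC_EXT)]

def sample_chm():
    """Constructed minimal ITSF/ITSP/PMGL image (not a real CHM) for a self-check."""
    ents = b"".join(bytes([len(n)]) + n + bytes([0, off, size]) for n, off, size in
                    [(b"/index.htm", 0, 90), (b"/Open.exe", 90, 100)])
    chunk = (b"PMGL" + struct.pack("<IIii", 0xEC - len(ents), 0, -1, -1) + ents).ljust(0x100, b"\0")
    itsp = (b"ITSP" + struct.pack("<IIII", 1, 0x54, 0x0A, 0x100)).ljust(0x54, b"\0")
    itsf = (b"ITSF" + struct.pack("<II", 3, 0x60)).ljust(0x38, b"\0") + struct.pack("<5Q", 0x60, 0, 0x60, 0x154, 0x1B4)
    return itsf + itsp + chunk
```

The parser only reads names, section numbers, offsets and sizes; it never decompresses or extracts content, so `suspicious(open(path, "rb").read())` can be run against a quarantined file.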
 