Module refinery.units.obfuscation.vba.char
Expand source code Browse git
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import annotations
import re
from refinery.units.obfuscation import Deobfuscator, StringLiterals
from refinery.lib.patterns import formats
class deob_vba_char_function(Deobfuscator):
def deobfuscate(self, data):
strings = StringLiterals(formats.vbastr, data)
@strings.outside
def evaluate_char_function(match: re.Match[str]):
try:
c = chr(int(match[1]))
except ValueError:
return match[0]
if c == '"':
return '""""'
if c == '\\':
return '"\\"'
c = repr(c)[1:-1]
if len(c) > 1:
return match[0]
return '"{}"'.format(c)
return re.sub(R'(?i)\bchrw?\s*\(\s*(\d+)\s*\)', evaluate_char_function, data)Classes
class deob_vba_char_function-
Expand source code Browse git
class deob_vba_char_function(Deobfuscator): def deobfuscate(self, data): strings = StringLiterals(formats.vbastr, data) @strings.outside def evaluate_char_function(match: re.Match[str]): try: c = chr(int(match[1])) except ValueError: return match[0] if c == '"': return '""""' if c == '\\': return '"\\"' c = repr(c)[1:-1] if len(c) > 1: return match[0] return '"{}"'.format(c) return re.sub(R'(?i)\bchrw?\s*\(\s*(\d+)\s*\)', evaluate_char_function, data)Ancestors
Class variables
var required_dependenciesvar optional_dependencies
Methods
def deobfuscate(self, data)-
Expand source code Browse git
def deobfuscate(self, data): strings = StringLiterals(formats.vbastr, data) @strings.outside def evaluate_char_function(match: re.Match[str]): try: c = chr(int(match[1])) except ValueError: return match[0] if c == '"': return '""""' if c == '\\': return '"\\"' c = repr(c)[1:-1] if len(c) > 1: return match[0] return '"{}"'.format(c) return re.sub(R'(?i)\bchrw?\s*\(\s*(\d+)\s*\)', evaluate_char_function, data)
Inherited members