Hi,
After a recent ransomware attack I'm a bit paranoid, and discovering the "VBA stomp" got me a bit concerned about how I got compromised. I'm trying to translate Vesselin Bontchev's VBA p-code disassembler, more specifically the pcodedmp.py Python file, which is slightly below 1300 lines of Python code.
In order to be a bit more usable it should be converted to a more readable format, so it's convenient to use Nicolas Zilio's pcode2code, but this is another topic.
The URIs of both files (Bontchev's and Zilio's) are referenced in the BAS file inside the attachment, if anybody wants to get the original Python files.
The thing is that I'm not a Python user, and although all the code seems easy to port, there are some caveats for me to get it completed, because of language-specific functions and external modules. It's something I won't easily find in a beginners' Python tutorial.
That's why I'm asking for some help. I'm not asking for someone to translate all the code for me (although any help is always welcome). Otherwise, any revision of the code is appreciated.
I've just started some hours ago with this, so it's in its early stages. After prettifying the thing, getting the ":" substitution for the "Then", and closing IfThen-EndIf, For-Next, While-Loop, and getting some UDTs and declaring some variables (that could change as I get more confidence about what the file does). I must get rid of the String format warnings, but that's surely easy to accomplish. I'm uploading the module as it is right now.
The main procedure is at the end, mainDecode, which must open an output file. I could not see where it opens any BIN or OLE file, but I'm very new to the code.
The point is that, taking a quick look, the following procedures could drive me nuts. I've moved them to the top of the module, just to have them at hand:
Any help translating them is really appreciated.
Best regards