Python-oletools/rtfobj

From aldeid
Jump to navigation Jump to search
You are here
rtfobj

Description

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool.

For detailed use cases, refer to the official documentation.

Installation

Refer to this section.

Usage

Usage: rtfobj.py <file.rtf>

Example

$ ./rtfobj.py /data/tmp/1.doc 
found object size 4709 at index 000000A6
saving to file object_000000A6.bin

$ hd object_000000A6.bin
00000000  01 05 00 00 02 00 00 00  1b 00 00 00 4d 53 43 6f  |............MSCo|
00000010  6d 63 74 6c 4c 69 62 2e  4c 69 73 74 56 69 65 77  |mctlLib.ListView|
00000020  43 74 72 6c 2e 32 00 00  00 00 00 00 00 00 00 00  |Ctrl.2..........|
00000030  0e 00 00 d0 cf 11 e0 a1  b1 1a e1 00 00 00 00 00  |................|
00000040  00 00 00 00 00 00 00 00  00 00 00 3e 00 03 00 fe  |...........>....|
00000050  ff 09 00 06 00 00 00 00  00 00 00 00 00 00 00 01  |................|
00000060  00 00 00 01 00 00 00 00  00 00 00 00 10 00 00 02  |................|
00000070  00 00 00 01 00 00 00 fe  ff ff ff 00 00 00 00 00  |................|
00000080  00 00 00 ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
00000090  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00000230  ff ff ff fd ff ff ff fe  ff ff ff fe ff ff ff 04  |................|
00000240  00 00 00 05 00 00 00 fe  ff ff ff ff ff ff ff ff  |................|
00000250  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00000430  ff ff ff 52 00 6f 00 6f  00 74 00 20 00 45 00 6e  |...R.o.o.t. .E.n|
00000440  00 74 00 72 00 79 00 00  00 00 00 00 00 00 00 00  |.t.r.y..........|
00000450  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
[REMOVED]
Retrieved from "https://www.aldeid.com/w/index.php?title=Python-oletools/rtfobj&oldid=34905"