Description
When investigating a VBA-stomped file it is nice to know which Office version/bitness it was created with, so we know what version we can open it back up in and get Office to successfully decompile the p-code for us. It would be great to have a command-line option that we can use with a document and have it identify, for example:
- 2016x86, or
- 2019x64
The current workaround for not having this feature is to use the "-v" option, which prints the VBA Project stream to the screen in hex, then look at the 3rd and 4th bytes and compare them to this table from evilclippy.cs:
```csharp
case "2010x86": version[0] = 0x97; version[1] = 0x00; break;
case "2013x86": version[0] = 0xA3; version[1] = 0x00; break;
case "2016x86": version[0] = 0xAF; version[1] = 0x00; break;
case "2019x86": version[0] = 0xAF; version[1] = 0x00; break;
case "2013x64": version[0] = 0xA6; version[1] = 0x00; break;
case "2016x64": version[0] = 0xB2; version[1] = 0x00; break;
case "2019x64": version[0] = 0xB2; version[1] = 0x00; break;
```
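The manual lookup described above, written as a small script; this is an added example, not code from the issue or from the project. It assumes the stream is the `_VBA_PROJECT` stream as laid out in MS-OVBA (a 2-byte `0x61CC` header followed by the 2-byte little-endian version field); the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Version field -> Office builds, from the evilclippy.cs table quoted above.
# 2016 and 2019 share values, so one version can map to several candidates.
VERSION_TABLE = {
    0x0097: ["2010x86"],
    0x00A3: ["2013x86"],
    0x00A6: ["2013x64"],
    0x00AF: ["2016x86", "2019x86"],
    0x00B2: ["2016x64", "2019x64"],
}

# Assumption: Reserved1 field of the _VBA_PROJECT stream per MS-OVBA.
VBA_PROJECT_MAGIC = 0x61CC


def identify_office_version(stream: bytes) -> dict:
    """Map the 3rd and 4th bytes of the stream to candidate Office builds."""
    if len(stream) < 4:
        raise ValueError("need at least 4 bytes of the stream")
    magic, version = struct.unpack_from("<HH", stream, 0)
    if magic != VBA_PROJECT_MAGIC:
        # Wrong stream or a damaged header: do not guess a version.
        raise ValueError(f"unexpected header 0x{magic:04X}")
    return {
        "version": version,
        "version_bytes": stream[2:4].hex(" "),
        # Empty list means the value is not in the table (unknown build).
        "candidates": VERSION_TABLE.get(version, []),
    }


def identify_from_hex(dump: str) -> dict:
    """Same lookup for hex copied from a dump, e.g. 'CC 61 AF 00'."""
    return identify_office_version(bytes.fromhex(dump))


if __name__ == "__main__":
    # Constructed sample headers, not taken from real documents.
    for sample in ("CC 61 B2 00 00 01 00 FF", "CC 61 97 00", "CC 61 FF FF"):
        result = identify_from_hex(sample)
        print(sample, "->", result["candidates"] or "unknown version")
```

An empty candidate list means the version bytes are not in the table, so the Office build to reopen the document in has to be determined another way.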