feat: OLE CF and VBA modules implemented

[davidmagnotti]

OLE CF (Object Linking and Embedding Compound File) format is a file format used for legacy Microsoft Office files, such as documents, workbooks, presentations, and others. It's also used with Visual Basic for Applications (VBA) which is known more commonly as Office macros.

I've implemented two modules for parsing OLE CF files and VBA. I've also expanded the dump command to allow dumping of file metadata such as stream metadata (OLE CF) and macros (VBA).

An example of how you could use this to identify the use of auto-execute macro method names like "Document_New":

import "vba"

rule detect_document_new
{
    condition:
        for any module in vba.module_code : (
            module matches /document_new/i
        )
}

[plusvic]

Good work. This goes in the right direction, but I think it requires a bit of rewrite to make it more similar to other existing modules that use the nom crate for parsing binary files. The nom crate makes parsing complex data strucuture easier, and removes boilerplate code like the read_u32 and read_u16 functions.

[plusvic]

This makes a copy of data, and data in this case is the file being scanned. For a 1GB file we are making a copy of a 1GB buffer. There must be some of parsing this format that doesn't imply making a copy of the data.

[plusvic]

All these hard-coded offsets make the code harder to maintain and understand. This looks like you are parsing a struct, the nom crate makes the parsing of structures very easy. Use the lnk crate as an example: https://github.com/VirusTotal/yara-x/blob/main/lib/src/modules/lnk/parser.rs

[plusvic]

Include some links to documentation explaining the format.

[plusvic]

Instead of using constant strings use enums.

[plusvic]

Is this actually repeated? If so, the name is a bit misleading considering that module_names and module_types are in plural form and this is singular.