From 03563620cff3703f068c2d14e218bbdf537c443c Mon Sep 17 00:00:00 2001
From: security-companion <mail@security-companion.net>
Date: Fri, 30 Jun 2023 22:16:16 +0200
Subject: [PATCH] add hint about existing parameter when stomping is detected

---
 oletools/olevba.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oletools/olevba.py b/oletools/olevba.py
index 52ffd512..49d78e28 100644
--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -3645,7 +3645,7 @@ def analyze_macros(self, show_decoded_strings=False, deobfuscate=False):
                 log.debug('adding VBA stomping to suspicious keywords')
                 keyword = 'VBA Stomping'
                 description = 'VBA Stomping was detected: the VBA source code and P-code are different, '\
-                    'this may have been used to hide malicious code'
+                    'this may have been used to hide malicious code (option --show-pcode to show disassembled P-code)'
                 scanner.suspicious_keywords.append((keyword, description))
                 scanner.results.append(('Suspicious', keyword, description))
             if self.contains_xlm_macros: