Using "N0" format string breaks on non-Us systems

[jipegit]

Explicitly using "N0" format string breaks on non-US systems.

It would be great to have a culture-neutral command line output.

The issue also affects other tools (LECmd, etc).

[EricZimmerman]

why would it break anything? it should just be displaying the int using that specifier.

can i see examples please?

https://docs.microsoft.com/en-us/dotnet/standard/base-types/standard-numeric-format-strings?view=netframework-4.8#NFormatString

[jipegit]

The "," char (in size or else) is actually being replaced by 0xFF in the console output leading to some whitespace (non-printable char) in the console or some <?> if you redirect the output in a file to read it in a text editor.

[EricZimmerman]

Is that a shell issue or pecmd?

Can you attach an example file, how you processed it, and the redirected output so I can compare?

On Thu, May 23, 2019, 6:03 PM Jean-Philippe notifications@github.com wrote:

The "," char (in size or else) is actually being replaced by 0xFF in the console output leading to some whitespace (non-printable char) in the console or some <?> if you redirect the output in a file to read it in a text editor.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/EricZimmerman/PECmd/issues/3?email_source=notifications&email_token=ABARKJRSIQE5WQBPIVPDBN3PW4ICBA5CNFSM4HOUZZG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODWDTTLI#issuecomment-495401389, or mute the thread https://github.com/notifications/unsubscribe-auth/ABARKJV2D4SZDLHUQPLWJR3PW4ICBANCNFSM4HOUZZGQ .

[jipegit]

The problem does not depend of the input file(s). The int value is ok in a csv output.

Below a cmd.exe output. The issue is the same in a Powershell terminal. The computer's region settings are set to France/French.

The issue is visible at 0x0001e0, with 0xff right in the middle of the size value.

C:\Users\user\Downloads\PECmd>PECmd.exe -d c:\Windows\Prefetch | hexdump.exe -C
000000  50 45 43 6d 64 20 76 65 72 73 69 6f 6e 20 31 2e  PECmd version 1.
000010  33 2e 32 2e 30 0a 0a 41 75 74 68 6f 72 3a 20 45  3.2.0..Author: E
000020  72 69 63 20 5a 69 6d 6d 65 72 6d 61 6e 20 28 73  ric Zimmerman (s
000030  61 65 72 69 63 7a 69 6d 6d 65 72 6d 61 6e 40 67  aericzimmerman@g
000040  6d 61 69 6c 2e 63 6f 6d 29 0a 68 74 74 70 73 3a  mail.com).https:
000050  2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 45 72 69  //github.com/Eri
000060  63 5a 69 6d 6d 65 72 6d 61 6e 2f 50 45 43 6d 64  cZimmerman/PECmd
000070  0a 0a 43 6f 6d 6d 61 6e 64 20 6c 69 6e 65 3a 20  ..Command line:
000080  2d 64 20 63 3a 5c 57 69 6e 64 6f 77 73 5c 50 72  -d c:\Windows\Pr
000090  65 66 65 74 63 68 0a 0a 4b 65 79 77 6f 72 64 73  efetch..Keywords
0000a0  3a 20 74 65 6d 70 2c 20 74 6d 70 0a 0a 4c 6f 6f  : temp, tmp..Loo
0000b0  6b 69 6e 67 20 66 6f 72 20 70 72 65 66 65 74 63  king for prefetc
0000c0  68 20 66 69 6c 65 73 20 69 6e 20 27 63 3a 5c 57  h files in 'c:\W
0000d0  69 6e 64 6f 77 73 5c 50 72 65 66 65 74 63 68 27  indows\Prefetch'
0000e0  0a 0a 46 6f 75 6e 64 20 31 38 30 20 50 72 65 66  ..Found 180 Pref
0000f0  65 74 63 68 20 66 69 6c 65 73 0a 0a 50 72 6f 63  etch files..Proc
000100  65 73 73 69 6e 67 20 27 63 3a 5c 57 69 6e 64 6f  essing 'c:\Windo
000110  77 73 5c 50 72 65 66 65 74 63 68 5c 33 55 54 4f  ws\Prefetch\3UTO
000120  4f 4c 53 2e 45 58 45 2d 46 34 38 46 46 46 35 38  OLS.EXE-F48FFF58
000130  2e 70 66 27 0a 0a 43 72 65 61 74 65 64 20 6f 6e  .pf'..Created on
000140  3a 20 32 30 31 39 2d 30 31 2d 30 34 20 31 30 3a  : 2019-01-04 10:
000150  35 31 3a 33 33 0a 4d 6f 64 69 66 69 65 64 20 6f  51:33.Modified o
000160  6e 3a 20 32 30 31 39 2d 30 31 2d 30 39 20 31 32  n: 2019-01-09 12
000170  3a 34 39 3a 31 38 0a 4c 61 73 74 20 61 63 63 65  :49:18.Last acce
000180  73 73 65 64 20 6f 6e 3a 20 32 30 31 39 2d 30 31  ssed on: 2019-01
000190  2d 30 34 20 31 30 3a 35 31 3a 33 33 0a 0a 45 78  -04 10:51:33..Ex
0001a0  65 63 75 74 61 62 6c 65 20 6e 61 6d 65 3a 20 33  ecutable name: 3
0001b0  55 54 4f 4f 4c 53 2e 45 58 45 0a 48 61 73 68 3a  UTOOLS.EXE.Hash:
0001c0  20 46 34 38 46 46 46 35 38 0a 46 69 6c 65 20 73   F48FFF58.File s
0001d0  69 7a 65 20 28 62 79 74 65 73 29 3a 20 31 35 34  ize (bytes): 154
0001e0  ff 33 37 38 0a 56 65 72 73 69 6f 6e 3a 20 57 69  .378.Version: Wi
0001f0  6e 64 6f 77 73 20 31 30 0a 0a 52 75 6e 20 63 6f  ndows 10..Run co

[EricZimmerman]

if you do not pipe it, does it display correctly on the screen?

what version of powershell? maybe try this?

pecmd command here | Set-Content -Path C:\temp\pecmdout.txt

https://superuser.com/questions/1056614/command-prompt-tree-shows-unicode-in-console-but-outputs-to-file-in-ascii

https://stackoverflow.com/questions/2706097/how-to-do-proper-unicode-and-ansi-output-redirection-on-cmd-exe

this is not something i can fix i am afraid. its correct in the csv, and its correct when redirection is not happening afaik

[jipegit]

pecmd command here | Set-Content -Path C:\temp\pecmdout.txt uses the 0x0A char instead of 0x20.

It does display correctly in the terminal but that's a side effect as it does not display 0xFF or 0x0A chars. But the issue stays the same in some text editors.

If there is nothing you can do you can close the issue.

Thank you.