Closed xorhex closed 5 years ago
Merging #725 into master will decrease coverage by
0.16%
. The diff coverage is7.93%
.
@@ Coverage Diff @@
## master #725 +/- ##
==========================================
- Coverage 40.47% 40.31% -0.17%
==========================================
Files 129 129
Lines 12733 12796 +63
==========================================
+ Hits 5154 5159 +5
- Misses 7579 7637 +58
Impacted Files | Coverage Δ | |
---|---|---|
viper/modules/pe.py | 29.52% <7.93%> (-1.79%) |
:arrow_down: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 445d269...d24736d. Read the comment docs.
Any additional info or enhancements needed for this pull request to be considered?
Absolutely, sorry for the very late answer. I'm going to add a test case and merge it today.
Hmmm okay, so I cannot find a file that triggers your code, but as it is a new command, it's not really an issue and I'll merge it now.
If possible, can you share a sample (or a hash) that would trigger it? This way I'll add a test case.
All good, life happens :-). Thanks for merging this in. I have a few others I hope to be able to share in the near future.
Here is a hash that should return something when the command runs:
0b9d8936b3cc7994d68f6a03f9d3b001
pe resourcedirectorytime
[*] Resource Directory Time: 1150642450 (2006-06-18 14:54:10)
Thanks again!!
Added a "pe" sub-command to extract out the Resource Directory Timestamp. Comes with the same options as the
pe compiletime
command.Usage:
pe resourcedirectorytime
Extracts out:
pe.DIRECTORY_ENTRY_RESOURCE.struct.TimeDateStamp