viper-framework / viper

Binary analysis and management framework

Added a new PE subcommand: resourcedirectorytime #725

Closed xorhex closed 5 years ago

xorhex commented 5 years ago

Added a "pe" sub-command to extract out the Resource Directory Timestamp. Comes with the same options as the pe compiletime command.

Usage: pe resourcedirectorytime

Extracts out: pe.DIRECTORY_ENTRY_RESOURCE.struct.TimeDateStamp

codecov-io commented 5 years ago

Codecov Report

Merging #725 into master will decrease coverage by 0.16%. The diff coverage is 7.93%.

@@            Coverage Diff             @@
##           master     #725      +/-   ##
==========================================
- Coverage   40.47%   40.31%   -0.17%     
==========================================
  Files         129      129              
  Lines       12733    12796      +63     
==========================================
+ Hits         5154     5159       +5     
- Misses       7579     7637      +58

Impacted Files | Coverage Δ
viper/modules/pe.py | 29.52% <7.93%> (-1.79%)

xorhex commented 5 years ago

Any additional info or enhancements needed for this pull request to be considered?

Rafiot commented 5 years ago

Absolutely, sorry for the very late answer. I'm going to add a test case and merge it today.

Rafiot commented 5 years ago

Hmmm okay, so I cannot find a file that triggers your code, but as it is a new command, it's not really an issue and I'll merge it now.

If possible, can you share a sample (or a hash) that would trigger it? This way I'll add a test case.

xorhex commented 5 years ago

All good, life happens :-). Thanks for merging this in. I have a few others I hope to be able to share in the near future.

Here is a hash that should return something when the command runs:

0b9d8936b3cc7994d68f6a03f9d3b001

pe resourcedirectorytime
[*] Resource Directory Time: 1150642450 (2006-06-18 14:54:10)

Thanks again!!
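
For readers who want to see where the value reported by `pe resourcedirectorytime` lives in the file, here is an added example (not code from this pull request or from viper) that reads the root `IMAGE_RESOURCE_DIRECTORY` `TimeDateStamp` with only the standard library and returns `None` when the image has no resource directory or is truncated. The helper names and the minimal PE32 image built by `build_sample` are assumptions constructed for the demonstration; only the timestamp value is taken from the output above.

```python
import struct
from datetime import datetime, timezone

def resource_directory_time(data):
    """Root IMAGE_RESOURCE_DIRECTORY.TimeDateStamp, or None if absent/malformed."""
    try:
        if data[:2] != b"MZ":
            return None
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]         # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
        nsect, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
        opt = pe_off + 24
        magic = struct.unpack_from("<H", data, opt)[0]
        dd_off = opt + (112 if magic == 0x20B else 96)           # PE32+ vs PE32
        if struct.unpack_from("<I", data, dd_off - 4)[0] < 3:    # NumberOfRvaAndSizes
            return None
        rva = struct.unpack_from("<I", data, dd_off + 2 * 8)[0]  # entry 2 = resources
        if rva == 0:
            return None
        for i in range(nsect):                                   # map RVA to file offset
            vsize, vaddr, rawsize, rawptr = struct.unpack_from(
                "<IIII", data, opt + opt_size + 40 * i + 8)
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return struct.unpack_from("<I", data, rawptr + rva - vaddr + 4)[0]
    except struct.error:                                         # truncated file
        pass
    return None

def describe(ts):
    """Format a timestamp as '<epoch> (<UTC date time>)'."""
    if ts is None:
        return "no resource directory"
    when = datetime.fromtimestamp(ts, timezone.utc)
    return f"{ts} ({when:%Y-%m-%d %H:%M:%S})"

def build_sample(ts, with_rsrc=True):
    """Constructed minimal PE32 image (not a real sample) for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    dirs = [(0, 0)] * 2 + [(0x1000, 16) if with_rsrc else (0, 0)] + [(0, 0)] * 13
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIII16x", b".rsrc", 16, 0x1000, 0x200, 0x200)
    hdr = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    return hdr + struct.pack("<IIHHHH", 0, ts, 0, 0, 0, 0).ljust(0x200, b"\0")

if __name__ == "__main__":
    print(describe(resource_directory_time(build_sample(1150642450))))
```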