From f0c679c690932c609d453039189310970cd967a7 Mon Sep 17 00:00:00 2001 From: gsinclair Date: Wed, 11 Mar 2015 20:24:11 -0700 Subject: [PATCH 1/3] adding compile time to PE binaries --- libr/bin/format/pe/pe.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libr/bin/format/pe/pe.c b/libr/bin/format/pe/pe.c index bead700fae046..4a352f84a4572 100644 --- a/libr/bin/format/pe/pe.c +++ b/libr/bin/format/pe/pe.c @@ -298,6 +298,10 @@ static int PE_(r_bin_pe_init_hdr)(struct PE_(r_bin_pe_obj_t)* bin) { " (pe_machine)machine numberOfSections timeDateStamp pointerToSymbolTable" " numberOfSymbols sizeOfOptionalHeader (pe_characteristics)characteristics", 0); sdb_set (bin->kv, "pe_image_data_directory.format", "xx virtualAddress size",0); + + // adding compile time to the SDB + sdb_num_set (bin->kv, "image_file_header.TimeDateStamp", bin->nt_headers->file_header.TimeDateStamp, 0); + if (strncmp ((char*)&bin->dos_header->e_magic, "MZ", 2) || strncmp ((char*)&bin->nt_headers->Signature, "PE", 2)) return R_FALSE; From a5e5bbd192d6cf681b643cfcfa20666cee30e9dc Mon Sep 17 00:00:00 2001 From: gsinclair Date: Thu, 12 Mar 2015 15:42:39 -0700 Subject: [PATCH 2/3] string timestamp added to bin/cur/info in the sdb --- libr/bin/format/pe/pe.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libr/bin/format/pe/pe.c b/libr/bin/format/pe/pe.c index 4a352f84a4572..9871ce8f27148 100644 --- a/libr/bin/format/pe/pe.c +++ b/libr/bin/format/pe/pe.c @@ -6,6 +6,7 @@ #include #include #include "pe.h" +#include struct SCV_NB10_HEADER; typedef struct { @@ -226,6 +227,8 @@ static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r } static int PE_(r_bin_pe_init_hdr)(struct PE_(r_bin_pe_obj_t)* bin) { + char szTimeDateStamp[50]; + if (!(bin->dos_header = malloc(sizeof(PE_(image_dos_header))))) { r_sys_perror ("malloc (dos header)"); return R_FALSE; @@ -301,7 +304,9 @@ static int PE_(r_bin_pe_init_hdr)(struct PE_(r_bin_pe_obj_t)* bin) { // adding compile time to the SDB sdb_num_set (bin->kv, "image_file_header.TimeDateStamp", bin->nt_headers->file_header.TimeDateStamp, 0); - + time_t ts = bin->nt_headers->file_header.TimeDateStamp; + sdb_set(bin->kv, "image_file_header.TimeDateStamp_string", strdup(ctime(&ts)), 0); + if (strncmp ((char*)&bin->dos_header->e_magic, "MZ", 2) || strncmp ((char*)&bin->nt_headers->Signature, "PE", 2)) return R_FALSE; From 6aea3092567025fa93a48dc14308f1d8817c0f99 Mon Sep 17 00:00:00 2001 From: gsinclair Date: Thu, 12 Mar 2015 15:51:54 -0700 Subject: [PATCH 3/3] removed unused variable --- libr/bin/format/pe/pe.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libr/bin/format/pe/pe.c b/libr/bin/format/pe/pe.c index 9871ce8f27148..eaa7b8ed1eb46 100644 --- a/libr/bin/format/pe/pe.c +++ b/libr/bin/format/pe/pe.c @@ -227,8 +227,6 @@ static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r } static int PE_(r_bin_pe_init_hdr)(struct PE_(r_bin_pe_obj_t)* bin) { - char szTimeDateStamp[50]; - if (!(bin->dos_header = malloc(sizeof(PE_(image_dos_header))))) { r_sys_perror ("malloc (dos header)"); return R_FALSE;