From 5b1c331dba6c4836103bdd6529f53f629f3204d6 Mon Sep 17 00:00:00 2001 From: malwarefrank <42877127+malwarefrank@users.noreply.github.com> Date: Sat, 1 Feb 2025 04:43:39 +0000 Subject: [PATCH] Closes #89 Retain Kind value for DateTime resource type. --- src/dnfile/base.py | 41 +++++++++++++++++++++++++++++++---------- src/dnfile/enums.py | 2 +- src/dnfile/resource.py | 16 +++------------- 3 files changed, 35 insertions(+), 24 deletions(-) diff --git a/src/dnfile/base.py b/src/dnfile/base.py index 37dc895..9c016e6 100644 --- a/src/dnfile/base.py +++ b/src/dnfile/base.py @@ -985,28 +985,49 @@ def parse(self): class DateTimeStruct(Structure): Ticks: int - Kind: enums.DateTimeKind + Kind: int class DateTime(object): - def __init__(self, rva: int, raw_bytes: bytes): + struct: Optional[DateTimeStruct] + kind: Optional[enums.DateTimeKind] + value: Optional[datetime.datetime] + seconds: Optional[int] + __data__: bytes + + def __init__(self, raw_bytes: bytes, rva: Optional[int] = None): self.struct: Optional[DateTimeStruct] = None - self.raw: bytes = raw_bytes + self.kind: Optional[enums.DateTimeKind] = None self.value: Optional[datetime.datetime] = None + self.seconds: Optional[int] = None + self.__data__: bytes = raw_bytes + self.rva: Optional[int] = rva def parse(self): - if not self.raw: + if not self.__data__: # TODO: warn/error return - # Should be 64 bites - if len(self.raw) != 8: + # Should be 64 bits + if len(self.__data__) != 8: # TODO: warn/error return - x = _struct.unpack("> 62 # https://stackoverflow.com/questions/3169517/python-c-sharp-binary-datetime-encoding - secs = self.struct.Ticks / 10.0 ** 7 - delta = datetime.timedelta(seconds=secs) - self.value = datetime.datetime(1, 1, 1) + delta \ No newline at end of file + self.Seconds = self.struct.Ticks / 10.0 ** 7 + self.Kind = enums.DateTimeKind(self.struct.Kind) + delta = datetime.timedelta(seconds=self.Seconds) + if self.Kind == enums.DateTimeKind.Utc: + self.value = datetime.datetime(1, 1, 1, 0, 0, 0, 0, datetime.timezone.utc) + delta + else: + self.value = datetime.datetime(1, 1, 1, 0, 0, 0, 0) + delta + + def __str__(self) -> str: + return str(self.value) + + def to_datetime(self) -> Optional[datetime.datetime]: + return self.value diff --git a/src/dnfile/enums.py b/src/dnfile/enums.py index 7a9e561..ccaeb90 100644 --- a/src/dnfile/enums.py +++ b/src/dnfile/enums.py @@ -874,4 +874,4 @@ class DateTimeKind(_enum.IntEnum): Unspecified = 0 Utc = 1 Local = 2 - LocalAmbiguousDst = 3 \ No newline at end of file + LocalAmbiguousDst = 3 diff --git a/src/dnfile/resource.py b/src/dnfile/resource.py index 375fea5..570dccb 100644 --- a/src/dnfile/resource.py +++ b/src/dnfile/resource.py @@ -224,19 +224,9 @@ def type_str_to_type(self, type_name: str, data: bytes, offset: int) -> Tuple[Op elif type_name == "System.DateTime": tsize = 8 final_bytes = data[offset:offset + tsize] - x = struct.unpack("