start drafting a datetime object for deserialization

src/dnfile/base.py

@@ -8,6 +8,7 @@
 import enum
 import struct as _struct
 import logging
+import datetime
 import functools as _functools
 import itertools as _itertools
 from typing import TYPE_CHECKING, Any, Dict, List, Type, Tuple, Union, Generic, TypeVar, Optional, Sequence
@@ -980,3 +981,32 @@ def set_data(self, data: bytes):
     @abc.abstractmethod
     def parse(self):
         raise NotImplementedError()
+
+
+class DateTimeStruct(Structure):
+    Ticks: int
+    Kind: enums.DateTimeKind
+
+
+class DateTime(object):
+    def __init__(self, rva: int, raw_bytes: bytes):
+        self.struct: Optional[DateTimeStruct] = None
+        self.raw: bytes = raw_bytes
+        self.value: Optional[datetime.datetime] = None
+
+    def parse(self):
+        if not self.raw:
+            # TODO: warn/error
+            return
+        # Should be 64 bites
+        if len(self.raw) != 8:
+            # TODO: warn/error
+            return
+        x = _struct.unpack("<q", self.raw)[0]
+        self.struct = DateTimeStruct()
+        self.struct.Ticks = x & 0x3FFFFFFFFFFFFFFF
+        self.struct.Kind = x >> 62
+        # https://stackoverflow.com/questions/3169517/python-c-sharp-binary-datetime-encoding
+        secs = self.struct.Ticks / 10.0 ** 7
+        delta = datetime.timedelta(seconds=secs)
+        self.value = datetime.datetime(1, 1, 1) + delta

src/dnfile/enums.py

@@ -861,3 +861,17 @@ class AssemblyHashAlgorithm(_enum.IntEnum):
     SHA256  = 0x800c
     SHA384  = 0x800d
     SHA512  = 0x800e
+
+
+class DateTimeKind(_enum.IntEnum):
+    """
+    Per Microsoft documenation, provide additional context to DateTime instances.
+
+    REFERENCE:
+        https://github.com/dotnet/runtime/blob/main/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
+        https://github.com/dotnet/runtime/blob/main/src/libraries/System.Private.CoreLib/src/System/DateTimeKind.cs
+    """
+    Unspecified = 0
+    Utc = 1
+    Local = 2
+    LocalAmbiguousDst = 3