Added a new PE subcommand: resourcedirectorytime

[xorhex]

Added a "pe" sub-command to extract out the Resource Directory Timestamp. Comes with the same options as the pe compiletime command.

Usage: pe resourcedirectorytime

Extracts out: pe.DIRECTORY_ENTRY_RESOURCE.struct.TimeDateStamp

[codecov-io]

Codecov Report

Merging #725 into master will decrease coverage by 0.16%.
The diff coverage is 7.93%.

@@            Coverage Diff             @@
##           master     #725      +/-   ##
==========================================
- Coverage   40.47%   40.31%   -0.17%     
==========================================
  Files         129      129              
  Lines       12733    12796      +63     
==========================================
+ Hits         5154     5159       +5     
- Misses       7579     7637      +58

Impacted Files	Coverage Δ
viper/modules/pe.py	29.52% <7.93%> (-1.79%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 445d269...d24736d. Read the comment docs.

[xorhex]

Any additional info or enhancements needed for this pull request to be considered?

[Rafiot]

Absolutely, sorry for the very late answer. I'm going to add a test case and merge it today.

[Rafiot]

Hmmm okay, so I cannot find a file that triggers your code, but as it is a new command, it's not really an issue and I'll merge it now.

If possible, can you share a sample (or a hash) that would trigger it? This way I'll add a test case.

[xorhex]

All good, life happens :-). Thanks for merging this in. I have a few others I hope to be able to share in the near future.

Here is a hash that should return something when the command runs:

0b9d8936b3cc7994d68f6a03f9d3b001

pe resourcedirectorytime
[*] Resource Directory Time: 1150642450 (2006-06-18 14:54:10)

Thanks again!!