From 493a9e19b99ed3d04b6aac273c465683a3682a75 Mon Sep 17 00:00:00 2001
From: LordNoteworthy
Date: Sun, 11 Feb 2024 10:54:20 +1100
Subject: [PATCH] print version info
---
 cmd/dump.go | 62 ++++++++++++++++++++++++++---------------------------
 cmd/main.go | 14 ++++++++----
 2 files changed, 40 insertions(+), 36 deletions(-)
diff --git a/cmd/dump.go b/cmd/dump.go
index 587bcfc..1f91a95 100644
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -40,7 +40,7 @@ func loopFilesWorker(cfg config) error {
 for _, file := range files {
 if !file.IsDir() {
 fullpath := filepath.Join(path, file.Name())
- parse(fullpath, cfg)
+ parsePE(fullpath, cfg)
 }
 }
 wg.Done()
@@ -53,26 +53,25 @@ func LoopDirsFiles(path string) error {
 if err != nil {
 return err
 }
- //Add this path as a job to the workers
- //You must call it in a go routine, since if every worker is busy, then you have to wait for the channel to be free.
+
 go func() {
 wg.Add(1)
 jobs <- path
 }()
 for _, file := range files {
 if file.IsDir() {
- //Recursively go further in the tree
 LoopDirsFiles(filepath.Join(path, file.Name()))
 }
 }
 return nil
 }
-func prettyPrint(buff []byte) string {
+func prettyPrint(iface interface{}) string {
 var prettyJSON bytes.Buffer
- error := json.Indent(&prettyJSON, buff, "", "\t")
- if error != nil {
- log.Info("JSON parse error: ", error)
+ buff, _ := json.Marshal(iface)
+ err := json.Indent(&prettyJSON, buff, "", "\t")
+ if err != nil {
+ log.Errorf("JSON parse error: %v", err)
 return string(buff)
 }
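Review bot: `buff, _ := json.Marshal(iface)` in prettyPrint drops the marshal error, so a value that cannot be encoded leaves `buff` empty and the failure only surfaces one line later as a misleading "JSON parse error" from `json.Indent`. Marshalling and indenting in one call removes both the ignored error and the second buffer: `buff, err := json.MarshalIndent(iface, "", "\t")`, followed by `if err != nil { log.Errorf("JSON marshal error: %v", err); return "" }` and `return string(buff)`. prettyPrint's body continues past the end of this hunk, so the final return is not visible here.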
@@ -245,30 +244,12 @@ func parsePE(filename string, cfg config) {
 }
 // Dump all results to disk in JSON format.
- // b, _ := json.Marshal(pe)
 // f, err := os.Create("out.json")
 // if err != nil {
 // return
 // }
 // defer f.Close()
- // f.WriteString(prettyPrint(b))
-
- // Calculate the PE authentihash.
- pe.Authentihash()
-
- // Calculate the PE checksum.
- pe.Checksum()
-
- // Get file type.
- if pe.IsEXE() {
- log.Debug("File is Exe")
- }
- if pe.IsDLL() {
- log.Debug("File is DLL")
- }
- if pe.IsDriver() {
- log.Debug("File is Driver")
- }
+ // f.WriteString(prettyPrint(pe))
 if cfg.wantDOSHeader {
 DOSHeader := pe.DOSHeader
@@ -546,11 +527,12 @@ func parsePE(filename string, cfg config) {
 fmt.Printf("\nRESOURCES\n**********\n")
 printRsrcDir(pe.Resources)
- r, err := pe.ParseVersionResources()
- if err == nil {
- fmt.Print(r)
+ versionInfo, err := pe.ParseVersionResources()
+ if err != nil {
+ log.Errorf("failed to parse version resources: %v", err)
+ } else {
+ fmt.Printf("\nVersion Info: %v", prettyPrint(versionInfo))
 }
- fmt.Print()
 }
 if cfg.wantException && pe.FileInfo.HasException {
@@ -601,6 +583,9 @@ func parsePE(filename string, cfg config) {
 fmt.Fprintf(w, "Signature Algorithm:\t %s\n", cert.Info.SignatureAlgorithm.String())
 fmt.Fprintf(w, "PublicKey Algorithm:\t %s\n", cert.Info.PublicKeyAlgorithm.String())
 w.Flush()
+
+ // Calculate the PE authentihash.
+ pe.Authentihash()
 }
 if cfg.wantReloc && pe.FileInfo.HasReloc {
@@ -698,7 +683,6 @@ func parsePE(filename string, cfg config) {
 fpoData.Reserved, fpoData.FrameType, fpoData.FrameType.String())
 }
 }
-
 }
 }
@@ -881,5 +865,19 @@ func parsePE(filename string, cfg config) {
 }
 }
+ // Get file type.
+ if pe.IsEXE() {
+ log.Debug("File is Exe")
+ }
+ if pe.IsDLL() {
+ log.Debug("File is DLL")
+ }
+ if pe.IsDriver() {
+ log.Debug("File is Driver")
+ }
+
+ // Calculate the PE checksum.
+ pe.Checksum()
+
 fmt.Print("\n")
 }
diff --git a/cmd/main.go b/cmd/main.go
index b6fcef2..46574c7 100644
--- a/cmd/main.go
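Review bot: In the `@@ -546,11 +527,12 @@` hunk, the text printed by `fmt.Printf("\nVersion Info: %v", prettyPrint(versionInfo))` comes from the version resource of the file being parsed, so it is untrusted input written to the terminal. Routing it through prettyPrint is what keeps this safe, because `json.Marshal` escapes control characters. Record that in a comment above the call, e.g. `// Version strings come from the parsed file; JSON encoding escapes control characters before printing.`, so a later edit does not go back to printing the raw value. The format string also has no trailing newline and passes a string to `%v`; `fmt.Printf("\nVersion Info: %s\n", prettyPrint(versionInfo))` is the tidier form. parsePE starts and ends outside this hunk.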
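Review bot: In the `@@ -601,6 +583,9 @@` hunk, the added `pe.Authentihash()` after `w.Flush()` computes the digest and throws the result away, so the certificate section never shows the value an analyst would compare against the digest carried in the signature. If Authentihash returns the hash bytes, print it with the other certificate fields before the flush, e.g. `fmt.Fprintf(w, "Authentihash:\t %x\n", pe.Authentihash())`. The moved `pe.Checksum()` in the `@@ -881,5 +865,19 @@` hunk is discarded in the same way, and the `IsEXE`/`IsDLL`/`IsDriver` results there only reach `log.Debug`. The enclosing block begins outside the hunk.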
+++ b/cmd/main.go
@@ -89,14 +89,20 @@ func main() {
 wantCLR: *dumpCLR,
 }
- //Start as many workers you want, now 10 workers
+ // Start as many workers you want, now 10 workers
 numWorkers := runtime.GOMAXPROCS(runtime.NumCPU() - 1)
 for w := 1; w <= numWorkers; w++ {
 go loopFilesWorker(cfg)
 }
- //Start the recursion
- LoopDirsFiles(os.Args[2])
- wg.Wait()
+
+ if !isDirectory(os.Args[2]) {
+ // Input path in a single file.
+ parsePE(os.Args[2], cfg)
+ } else {
+ // Input path in a directory.
+ LoopDirsFiles(os.Args[2])
+ wg.Wait()
+ }
 case "version":
 verCmd.Parse(os.Args[2:])
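Review bot: The directory branch still calls `LoopDirsFiles(os.Args[2])` without checking the error it returns, so an unreadable directory ends the run silently and its files are never parsed. Handle it, e.g. `if err := LoopDirsFiles(os.Args[2]); err != nil { log.Errorf("walking %s: %v", os.Args[2], err) }`, assuming the `log` used in cmd/dump.go is visible in this file. `isDirectory` is not part of this patch; if it reports false when the stat fails, a missing path is handed to `parsePE` as though it were a file, which deserves an explicit check or at least a comment. The two new comments should read `// Input path is a single file.` and `// Input path is a directory.`; main() starts and ends outside the hunk.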