...
|
...
|
@@ -764,14 +764,14 @@ int cli_scanpe(cli_ctx *ctx)
|
764
|
764
|
|
765
|
765
|
if(EC16(file_hdr.Characteristics) & 0x2000) {
|
766
|
766
|
#if HAVE_JSON
|
767
|
|
- if ((pe_json))
|
|
767
|
+ if (pe_json != NULL)
|
768
|
768
|
cli_jsonstr(pe_json, "Type", "DLL");
|
769
|
769
|
#endif
|
770
|
770
|
cli_dbgmsg("File type: DLL\n");
|
771
|
771
|
dll = 1;
|
772
|
772
|
} else if(EC16(file_hdr.Characteristics) & 0x01) {
|
773
|
773
|
#if HAVE_JSON
|
774
|
|
- if ((pe_json))
|
|
774
|
+ if (pe_json != NULL)
|
775
|
775
|
cli_jsonstr(pe_json, "Type", "EXE");
|
776
|
776
|
#endif
|
777
|
777
|
cli_dbgmsg("File type: Executable\n");
|
...
|
...
|
@@ -875,7 +875,8 @@ int cli_scanpe(cli_ctx *ctx)
|
875
|
875
|
if ((archtype)) {
|
876
|
876
|
cli_dbgmsg("Machine type: %s\n", archtype);
|
877
|
877
|
#if HAVE_JSON
|
878
|
|
- cli_jsonstr(pe_json, "ArchType", archtype);
|
|
878
|
+ if (pe_json != NULL)
|
|
879
|
+ cli_jsonstr(pe_json, "ArchType", archtype);
|
879
|
880
|
#endif
|
880
|
881
|
}
|
881
|
882
|
|
...
|
...
|
@@ -905,13 +906,15 @@ int cli_scanpe(cli_ctx *ctx)
|
905
|
905
|
cli_dbgmsg("TimeDateStamp: %s", cli_ctime(×tamp, timestr, sizeof(timestr)));
|
906
|
906
|
|
907
|
907
|
#if HAVE_JSON
|
908
|
|
- cli_jsonstr(pe_json, "TimeDateStamp", cli_ctime(×tamp, timestr, sizeof(timestr)));
|
|
908
|
+ if (pe_json != NULL)
|
|
909
|
+ cli_jsonstr(pe_json, "TimeDateStamp", cli_ctime(×tamp, timestr, sizeof(timestr)));
|
909
|
910
|
#endif
|
910
|
911
|
|
911
|
912
|
cli_dbgmsg("SizeOfOptionalHeader: %x\n", EC16(file_hdr.SizeOfOptionalHeader));
|
912
|
913
|
|
913
|
914
|
#if HAVE_JSON
|
914
|
|
- cli_jsonint(pe_json, "SizeOfOptionalHeader", EC16(file_hdr.SizeOfOptionalHeader));
|
|
915
|
+ if (pe_json != NULL)
|
|
916
|
+ cli_jsonint(pe_json, "SizeOfOptionalHeader", EC16(file_hdr.SizeOfOptionalHeader));
|
915
|
917
|
#endif
|
916
|
918
|
|
917
|
919
|
if (EC16(file_hdr.SizeOfOptionalHeader) < sizeof(struct pe_image_optional_hdr32)) {
|
...
|
...
|
@@ -987,29 +990,31 @@ int cli_scanpe(cli_ctx *ctx)
|
987
|
987
|
cli_dbgmsg("NumberOfRvaAndSizes: %d\n", EC32(optional_hdr32.NumberOfRvaAndSizes));
|
988
|
988
|
dirs = optional_hdr32.DataDirectory;
|
989
|
989
|
#if HAVE_JSON
|
990
|
|
- cli_jsonint(pe_json, "MajorLinkerVersion", optional_hdr32.MajorLinkerVersion);
|
991
|
|
- cli_jsonint(pe_json, "MinorLinkerVersion", optional_hdr32.MinorLinkerVersion);
|
992
|
|
- cli_jsonint(pe_json, "SizeOfCode", EC32(optional_hdr32.SizeOfCode));
|
993
|
|
- cli_jsonint(pe_json, "SizeOfInitializedData", EC32(optional_hdr32.SizeOfInitializedData));
|
994
|
|
- cli_jsonint(pe_json, "SizeOfUninitializedData", EC32(optional_hdr32.SizeOfUninitializedData));
|
995
|
|
- cli_jsonint(pe_json, "NumberOfRvaAndSizes", EC32(optional_hdr32.NumberOfRvaAndSizes));
|
996
|
|
- cli_jsonint(pe_json, "MajorSubsystemVersion", EC16(optional_hdr32.MajorSubsystemVersion));
|
997
|
|
- cli_jsonint(pe_json, "MinorSubsystemVersion", EC16(optional_hdr32.MinorSubsystemVersion));
|
|
990
|
+ if (pe_json != NULL) {
|
|
991
|
+ cli_jsonint(pe_json, "MajorLinkerVersion", optional_hdr32.MajorLinkerVersion);
|
|
992
|
+ cli_jsonint(pe_json, "MinorLinkerVersion", optional_hdr32.MinorLinkerVersion);
|
|
993
|
+ cli_jsonint(pe_json, "SizeOfCode", EC32(optional_hdr32.SizeOfCode));
|
|
994
|
+ cli_jsonint(pe_json, "SizeOfInitializedData", EC32(optional_hdr32.SizeOfInitializedData));
|
|
995
|
+ cli_jsonint(pe_json, "SizeOfUninitializedData", EC32(optional_hdr32.SizeOfUninitializedData));
|
|
996
|
+ cli_jsonint(pe_json, "NumberOfRvaAndSizes", EC32(optional_hdr32.NumberOfRvaAndSizes));
|
|
997
|
+ cli_jsonint(pe_json, "MajorSubsystemVersion", EC16(optional_hdr32.MajorSubsystemVersion));
|
|
998
|
+ cli_jsonint(pe_json, "MinorSubsystemVersion", EC16(optional_hdr32.MinorSubsystemVersion));
|
998
|
999
|
|
999
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.BaseOfCode));
|
1000
|
|
- cli_jsonstr(pe_json, "BaseOfCode", jsonbuf);
|
|
1000
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.BaseOfCode));
|
|
1001
|
+ cli_jsonstr(pe_json, "BaseOfCode", jsonbuf);
|
1001
|
1002
|
|
1002
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.SectionAlignment));
|
1003
|
|
- cli_jsonstr(pe_json, "SectionAlignment", jsonbuf);
|
|
1003
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.SectionAlignment));
|
|
1004
|
+ cli_jsonstr(pe_json, "SectionAlignment", jsonbuf);
|
1004
|
1005
|
|
1005
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.FileAlignment));
|
1006
|
|
- cli_jsonstr(pe_json, "FileAlignment", jsonbuf);
|
|
1006
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.FileAlignment));
|
|
1007
|
+ cli_jsonstr(pe_json, "FileAlignment", jsonbuf);
|
1007
|
1008
|
|
1008
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.SizeOfImage));
|
1009
|
|
- cli_jsonstr(pe_json, "SizeOfImage", jsonbuf);
|
|
1009
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr32.SizeOfImage));
|
|
1010
|
+ cli_jsonstr(pe_json, "SizeOfImage", jsonbuf);
|
1010
|
1011
|
|
1011
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", hdr_size);
|
1012
|
|
- cli_jsonstr(pe_json, "SizeOfHeaders", jsonbuf);
|
|
1012
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", hdr_size);
|
|
1013
|
+ cli_jsonstr(pe_json, "SizeOfHeaders", jsonbuf);
|
|
1014
|
+ }
|
1013
|
1015
|
#endif
|
1014
|
1016
|
|
1015
|
1017
|
} else { /* PE+ */
|
...
|
...
|
@@ -1045,36 +1050,39 @@ int cli_scanpe(cli_ctx *ctx)
|
1045
|
1045
|
cli_dbgmsg("NumberOfRvaAndSizes: %d\n", EC32(optional_hdr64.NumberOfRvaAndSizes));
|
1046
|
1046
|
dirs = optional_hdr64.DataDirectory;
|
1047
|
1047
|
#if HAVE_JSON
|
1048
|
|
- cli_jsonint(pe_json, "MajorLinkerVersion", optional_hdr64.MajorLinkerVersion);
|
1049
|
|
- cli_jsonint(pe_json, "MinorLinkerVersion", optional_hdr64.MinorLinkerVersion);
|
1050
|
|
- cli_jsonint(pe_json, "SizeOfCode", EC32(optional_hdr64.SizeOfCode));
|
1051
|
|
- cli_jsonint(pe_json, "SizeOfInitializedData", EC32(optional_hdr64.SizeOfInitializedData));
|
1052
|
|
- cli_jsonint(pe_json, "SizeOfUninitializedData", EC32(optional_hdr64.SizeOfUninitializedData));
|
1053
|
|
- cli_jsonint(pe_json, "NumberOfRvaAndSizes", EC32(optional_hdr64.NumberOfRvaAndSizes));
|
1054
|
|
- cli_jsonint(pe_json, "MajorSubsystemVersion", EC16(optional_hdr64.MajorSubsystemVersion));
|
1055
|
|
- cli_jsonint(pe_json, "MinorSubsystemVersion", EC16(optional_hdr64.MinorSubsystemVersion));
|
|
1048
|
+ if (pe_json != NULL) {
|
|
1049
|
+ cli_jsonint(pe_json, "MajorLinkerVersion", optional_hdr64.MajorLinkerVersion);
|
|
1050
|
+ cli_jsonint(pe_json, "MinorLinkerVersion", optional_hdr64.MinorLinkerVersion);
|
|
1051
|
+ cli_jsonint(pe_json, "SizeOfCode", EC32(optional_hdr64.SizeOfCode));
|
|
1052
|
+ cli_jsonint(pe_json, "SizeOfInitializedData", EC32(optional_hdr64.SizeOfInitializedData));
|
|
1053
|
+ cli_jsonint(pe_json, "SizeOfUninitializedData", EC32(optional_hdr64.SizeOfUninitializedData));
|
|
1054
|
+ cli_jsonint(pe_json, "NumberOfRvaAndSizes", EC32(optional_hdr64.NumberOfRvaAndSizes));
|
|
1055
|
+ cli_jsonint(pe_json, "MajorSubsystemVersion", EC16(optional_hdr64.MajorSubsystemVersion));
|
|
1056
|
+ cli_jsonint(pe_json, "MinorSubsystemVersion", EC16(optional_hdr64.MinorSubsystemVersion));
|
1056
|
1057
|
|
1057
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.BaseOfCode));
|
1058
|
|
- cli_jsonstr(pe_json, "BaseOfCode", jsonbuf);
|
|
1058
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.BaseOfCode));
|
|
1059
|
+ cli_jsonstr(pe_json, "BaseOfCode", jsonbuf);
|
1059
|
1060
|
|
1060
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.SectionAlignment));
|
1061
|
|
- cli_jsonstr(pe_json, "SectionAlignment", jsonbuf);
|
|
1061
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.SectionAlignment));
|
|
1062
|
+ cli_jsonstr(pe_json, "SectionAlignment", jsonbuf);
|
1062
|
1063
|
|
1063
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.FileAlignment));
|
1064
|
|
- cli_jsonstr(pe_json, "FileAlignment", jsonbuf);
|
|
1064
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.FileAlignment));
|
|
1065
|
+ cli_jsonstr(pe_json, "FileAlignment", jsonbuf);
|
1065
|
1066
|
|
1066
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.SizeOfImage));
|
1067
|
|
- cli_jsonstr(pe_json, "SizeOfImage", jsonbuf);
|
|
1067
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", EC32(optional_hdr64.SizeOfImage));
|
|
1068
|
+ cli_jsonstr(pe_json, "SizeOfImage", jsonbuf);
|
1068
|
1069
|
|
1069
|
|
- snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", hdr_size);
|
1070
|
|
- cli_jsonstr(pe_json, "SizeOfHeaders", jsonbuf);
|
|
1070
|
+ snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", hdr_size);
|
|
1071
|
+ cli_jsonstr(pe_json, "SizeOfHeaders", jsonbuf);
|
|
1072
|
+ }
|
1071
|
1073
|
#endif
|
1072
|
1074
|
}
|
1073
|
1075
|
|
1074
|
1076
|
#if HAVE_JSON
|
1075
|
1077
|
if (ctx->options & CL_SCAN_FILE_PROPERTIES) {
|
1076
|
1078
|
snprintf(jsonbuf, sizeof(jsonbuf), "0x%x", vep);
|
1077
|
|
- cli_jsonstr(pe_json, "EntryPoint", jsonbuf);
|
|
1079
|
+ if (pe_json != NULL)
|
|
1080
|
+ cli_jsonstr(pe_json, "EntryPoint", jsonbuf);
|
1078
|
1081
|
}
|
1079
|
1082
|
#endif
|
1080
|
1083
|
|
...
|
...
|
@@ -1130,7 +1138,8 @@ int cli_scanpe(cli_ctx *ctx)
|
1130
|
1130
|
cli_dbgmsg("Subsystem: %s\n", subsystem);
|
1131
|
1131
|
|
1132
|
1132
|
#if HAVE_JSON
|
1133
|
|
- cli_jsonstr(pe_json, "Subsystem", subsystem);
|
|
1133
|
+ if (pe_json != NULL)
|
|
1134
|
+ cli_jsonstr(pe_json, "Subsystem", subsystem);
|
1134
|
1135
|
#endif
|
1135
|
1136
|
|
1136
|
1137
|
cli_dbgmsg("------------------------------------\n");
|
...
|
...
|
@@ -1195,7 +1204,8 @@ int cli_scanpe(cli_ctx *ctx)
|
1195
|
1195
|
hdr_size = PESALIGN(hdr_size, valign); /* Aligned headers virtual size */
|
1196
|
1196
|
|
1197
|
1197
|
#if HAVE_JSON
|
1198
|
|
- cli_jsonint(pe_json, "NumberOfSections", nsections);
|
|
1198
|
+ if (pe_json != NULL)
|
|
1199
|
+ cli_jsonint(pe_json, "NumberOfSections", nsections);
|
1199
|
1200
|
#endif
|
1200
|
1201
|
|
1201
|
1202
|
while (rescan==1) {
|
...
|
...
|
@@ -1374,7 +1384,8 @@ int cli_scanpe(cli_ctx *ctx)
|
1374
|
1374
|
}
|
1375
|
1375
|
|
1376
|
1376
|
#if HAVE_JSON
|
1377
|
|
- cli_jsonint(pe_json, "EntryPointOffset", ep);
|
|
1377
|
+ if (pe_json != NULL)
|
|
1378
|
+ cli_jsonint(pe_json, "EntryPointOffset", ep);
|
1378
|
1379
|
|
1379
|
1380
|
if (cli_json_timeout_cycle_check(ctx, &toval) != CL_SUCCESS) {
|
1380
|
1381
|
return CL_ETIMEOUT;
|
...
|
...
|
@@ -1750,7 +1761,8 @@ int cli_scanpe(cli_ctx *ctx)
|
1750
|
1750
|
found = 1;
|
1751
|
1751
|
cli_dbgmsg("UPX/FSG/MEW: empty section found - assuming compression\n");
|
1752
|
1752
|
#if HAVE_JSON
|
1753
|
|
- cli_jsonbool(pe_json, "HasEmptySection", 1);
|
|
1753
|
+ if (pe_json != NULL)
|
|
1754
|
+ cli_jsonbool(pe_json, "HasEmptySection", 1);
|
1754
|
1755
|
#endif
|
1755
|
1756
|
break;
|
1756
|
1757
|
}
|
...
|
...
|
@@ -1832,7 +1844,8 @@ int cli_scanpe(cli_ctx *ctx)
|
1832
|
1832
|
}
|
1833
|
1833
|
|
1834
|
1834
|
#if HAVE_JSON
|
1835
|
|
- cli_jsonstr(pe_json, "Packer", "MEW");
|
|
1835
|
+ if (pe_json != NULL)
|
|
1836
|
+ cli_jsonstr(pe_json, "Packer", "MEW");
|
1836
|
1837
|
#endif
|
1837
|
1838
|
|
1838
|
1839
|
CLI_UNPTEMP("MEW",(src,exe_sections,0));
|
...
|
...
|
@@ -1944,7 +1957,8 @@ int cli_scanpe(cli_ctx *ctx)
|
1944
|
1944
|
}
|
1945
|
1945
|
|
1946
|
1946
|
#if HAVE_JSON
|
1947
|
|
- cli_jsonstr(pe_json, "Packer", "Upack");
|
|
1947
|
+ if (pe_json != NULL)
|
|
1948
|
+ cli_jsonstr(pe_json, "Packer", "Upack");
|
1948
|
1949
|
#endif
|
1949
|
1950
|
|
1950
|
1951
|
CLI_UNPTEMP("Upack",(dest,exe_sections,0));
|
...
|
...
|
@@ -2030,7 +2044,8 @@ int cli_scanpe(cli_ctx *ctx)
|
2030
|
2030
|
}
|
2031
|
2031
|
|
2032
|
2032
|
#if HAVE_JSON
|
2033
|
|
- cli_jsonstr(pe_json, "Packer", "FSG");
|
|
2033
|
+ if (pe_json != NULL)
|
|
2034
|
+ cli_jsonstr(pe_json, "Packer", "FSG");
|
2034
|
2035
|
#endif
|
2035
|
2036
|
|
2036
|
2037
|
CLI_UNPTEMP("FSG",(dest,exe_sections,0));
|
...
|
...
|
@@ -2137,7 +2152,8 @@ int cli_scanpe(cli_ctx *ctx)
|
2137
|
2137
|
cli_dbgmsg("FSG: found old EP @%x\n", oldep);
|
2138
|
2138
|
|
2139
|
2139
|
#if HAVE_JSON
|
2140
|
|
- cli_jsonstr(pe_json, "Packer", "FSG");
|
|
2140
|
+ if (pe_json != NULL)
|
|
2141
|
+ cli_jsonstr(pe_json, "Packer", "FSG");
|
2141
|
2142
|
#endif
|
2142
|
2143
|
|
2143
|
2144
|
CLI_UNPTEMP("FSG",(dest,sections,exe_sections,0));
|
...
|
...
|
@@ -2239,7 +2255,8 @@ int cli_scanpe(cli_ctx *ctx)
|
2239
|
2239
|
cli_dbgmsg("FSG: found old EP @%x\n", oldep);
|
2240
|
2240
|
|
2241
|
2241
|
#if HAVE_JSON
|
2242
|
|
- cli_jsonstr(pe_json, "Packer", "FSG");
|
|
2242
|
+ if (pe_json != NULL)
|
|
2243
|
+ cli_jsonstr(pe_json, "Packer", "FSG");
|
2243
|
2244
|
#endif
|
2244
|
2245
|
|
2245
|
2246
|
CLI_UNPTEMP("FSG",(dest,sections,exe_sections,0));
|
...
|
...
|
@@ -2381,7 +2398,8 @@ int cli_scanpe(cli_ctx *ctx)
|
2381
|
2381
|
|
2382
|
2382
|
CLI_UNPTEMP("UPX/FSG",(dest,0));
|
2383
|
2383
|
#if HAVE_JSON
|
2384
|
|
- cli_jsonstr(pe_json, "Packer", "UPX");
|
|
2384
|
+ if (pe_json != NULL)
|
|
2385
|
+ cli_jsonstr(pe_json, "Packer", "UPX");
|
2385
|
2386
|
#endif
|
2386
|
2387
|
|
2387
|
2388
|
if((unsigned int) write(ndesc, dest, dsize) != dsize) {
|
...
|
...
|
@@ -2480,7 +2498,8 @@ out_no_petite:
|
2480
|
2480
|
}
|
2481
|
2481
|
|
2482
|
2482
|
#if HAVE_JSON
|
2483
|
|
- cli_jsonstr(pe_json, "Packer", "Petite");
|
|
2483
|
+ if (pe_json != NULL)
|
|
2484
|
+ cli_jsonstr(pe_json, "Packer", "Petite");
|
2484
|
2485
|
#endif
|
2485
|
2486
|
|
2486
|
2487
|
CLI_UNPTEMP("Petite",(dest,exe_sections,0));
|
...
|
...
|
@@ -2513,7 +2532,8 @@ out_no_petite:
|
2513
|
2513
|
}
|
2514
|
2514
|
|
2515
|
2515
|
#if HAVE_JSON
|
2516
|
|
- cli_jsonstr(pe_json, "Packer", "PEspin");
|
|
2516
|
+ if (pe_json != NULL)
|
|
2517
|
+ cli_jsonstr(pe_json, "Packer", "PEspin");
|
2517
|
2518
|
#endif
|
2518
|
2519
|
|
2519
|
2520
|
CLI_UNPTEMP("PESpin",(spinned,exe_sections,0));
|
...
|
...
|
@@ -2581,7 +2601,8 @@ out_no_petite:
|
2581
|
2581
|
}
|
2582
|
2582
|
|
2583
|
2583
|
#if HAVE_JSON
|
2584
|
|
- cli_jsonstr(pe_json, "Packer", "yC");
|
|
2584
|
+ if (pe_json != NULL)
|
|
2585
|
+ cli_jsonstr(pe_json, "Packer", "yC");
|
2585
|
2586
|
#endif
|
2586
|
2587
|
|
2587
|
2588
|
do {
|
...
|
...
|
@@ -2678,7 +2699,8 @@ out_no_petite:
|
2678
|
2678
|
}
|
2679
|
2679
|
|
2680
|
2680
|
#if HAVE_JSON
|
2681
|
|
- cli_jsonstr(pe_json, "Packer", "WWPack");
|
|
2681
|
+ if (pe_json != NULL)
|
|
2682
|
+ cli_jsonstr(pe_json, "Packer", "WWPack");
|
2682
|
2683
|
#endif
|
2683
|
2684
|
|
2684
|
2685
|
CLI_UNPTEMP("WWPack",(src,packer,exe_sections,0));
|
...
|
...
|
@@ -2725,7 +2747,8 @@ out_no_petite:
|
2725
|
2725
|
}
|
2726
|
2726
|
|
2727
|
2727
|
#if HAVE_JSON
|
2728
|
|
- cli_jsonstr(pe_json, "Packer", "Aspack");
|
|
2728
|
+ if (pe_json != NULL)
|
|
2729
|
+ cli_jsonstr(pe_json, "Packer", "Aspack");
|
2729
|
2730
|
#endif
|
2730
|
2731
|
|
2731
|
2732
|
CLI_UNPTEMP("Aspack",(src,exe_sections,0));
|
...
|
...
|
@@ -2808,7 +2831,8 @@ out_no_petite:
|
2808
|
2808
|
cli_dbgmsg("NsPack: OEP = %08x\n", eprva);
|
2809
|
2809
|
|
2810
|
2810
|
#if HAVE_JSON
|
2811
|
|
- cli_jsonstr(pe_json, "Packer", "NsPack");
|
|
2811
|
+ if (pe_json != NULL)
|
|
2812
|
+ cli_jsonstr(pe_json, "Packer", "NsPack");
|
2812
|
2813
|
#endif
|
2813
|
2814
|
|
2814
|
2815
|
CLI_UNPTEMP("NsPack",(dest,exe_sections,0));
|