Borland IMAGE_RESOURCE_DIRECTORY TimeDateStamp incorrectly decoded #42
Comments
|
hi @ignacioj ! |
|
As a side note: there is a delay of exactly six hours between the FILE_HEADER and RESOURCE_DIRECTORY timestamp. I know that these timestamps should always be considered UTC. I have no more data on the Borland C++ compiler nor any more executables obtained with that compiler, so I ask you this question in case you know, is this delay due to the fact that a timestamp is created in UTC and the other in local time? It would be strange but very interesting. |
|
I have not found information on Borland C++ executables but if the MS DOS timestamp format is local time I assume that the Borland Compiler follows that specification. |
|
I also think it is a local time. That would make sense. Anyways, I am planning to make some testcases compiled with Borland C++, and will check it just to be sure. |
|
@ignacioj - my tests confirmed that it is a local time. |
|
I see that now it displays: Monday, 18.07.2005 13:43:40 (Local) |
|
@ignacioj - you are right that the "Local" may be misinterpreted by the user. I changed it to "Compiler Local Time". Check it out. |
|
Checked! Thank you! |
The IMAGE_RESOURCE_DIRECTORY TimeDateStamp of a Borland C++ compiled DLL is not decoded as MS DOS Timedatestamp. The IMAGE_FILE_HEADER TimeDateStamp is decoded correctly, 0x42db5dac (2005/07/18 07:43:40), but the IMAGE_RESOURCE_DIRECTORY TimeDateStamp value 0x32f26d74 is decoded as 1997/01/31 22:08:52 instead of 2005/07/18 13:43:40.
As far as I know Visual Studio never sets the IMAGE_RESOURCE_DIRECTORY TimeDateStamp so I suggest either always decode that value as MS DOS Timestamp or show both decodings, Epoch and MS DOS.
File: unrar.dll (SHA1: 1195ee4a5e1c19daf13ded219ba874e903f49a48)
https://www.virustotal.com/gui/file/f0055ca904b9641f889c81ca72a485c92305363dfef12edc569cf2ca0e4bb0d0/details
The text was updated successfully, but these errors were encountered: