From d8dc3768fc3b8562ec6fa0b91089d21bce5d176e Mon Sep 17 00:00:00 2001
From: Mike Cohen <scudette@users.noreply.github.com>
Date: Wed, 20 Mar 2024 01:55:56 +1000
Subject: [PATCH] Modify the VersionInfo in the release build to include the
 version. (#3353)

---
 .../Server/Internal/ToolDependencies.yaml     |  12 ++--
 .../testdata/server/testcases/mft.out.yaml    |  15 ++--
 .../server/testcases/ntfs_ea.out.yaml         |  54 ++++++++++-----
 .../server/testcases/remapping.out.yaml       |  26 +++++--
 bin/rsrc_windows_386.syso                     | Bin 18530 -> 18370 bytes
 bin/rsrc_windows_amd64.syso                   | Bin 18530 -> 18370 bytes
 docs/winres/winres.json                       |  12 ++--
 docs/winres/winres_template.json              |  60 ++++++++++++++++
 go.mod                                        |   2 +-
 go.sum                                        |   2 +
 magefile.go                                   |  65 +++++++++++++++++-
 vql/parsers/ntfs.go                           |  27 ++++----
 12 files changed, 216 insertions(+), 59 deletions(-)
 create mode 100644 docs/winres/winres_template.json

diff --git a/artifacts/definitions/Server/Internal/ToolDependencies.yaml b/artifacts/definitions/Server/Internal/ToolDependencies.yaml
index a0ecff51130..c79fa8b14d0 100644
--- a/artifacts/definitions/Server/Internal/ToolDependencies.yaml
+++ b/artifacts/definitions/Server/Internal/ToolDependencies.yaml
@@ -7,17 +7,17 @@ description: |
 
 tools:
   - name: VelociraptorWindows
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72.0/velociraptor-v0.72-rc1-windows-amd64.exe
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc1-windows-amd64.exe
     serve_locally: true
     version: 0.72-rc1
 
   - name: VelociraptorWindows_x86
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72.0/velociraptor-v0.72-rc1-windows-386.exe
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc1-windows-386.exe
     serve_locally: true
     version: 0.72-rc1
 
   - name: VelociraptorLinux
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72.0/velociraptor-v0.72-rc1-linux-amd64-musl
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc1-linux-amd64-musl
     serve_locally: true
     version: 0.72-rc1
 
@@ -27,15 +27,15 @@ tools:
 
   # A Generic collector to be used with the --embedded_config flag.
   - name: VelociraptorCollector
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72.0/velociraptor-collector
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-collector
     serve_locally: true
 
   - name: VelociraptorWindowsMSI
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72.0/velociraptor-v0.72-rc1-windows-amd64.msi
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc1-windows-amd64.msi
     serve_locally: true
     version: 0.72-rc1
 
   - name: VelociraptorWindows_x86MSI
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72.0/velociraptor-v0.72-rc1-windows-386.msi
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc1-windows-386.msi
     serve_locally: true
     version: 0.72-rc1
diff --git a/artifacts/testdata/server/testcases/mft.out.yaml b/artifacts/testdata/server/testcases/mft.out.yaml
index 56087464d99..f38d4243436 100644
--- a/artifacts/testdata/server/testcases/mft.out.yaml
+++ b/artifacts/testdata/server/testcases/mft.out.yaml
@@ -214,7 +214,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 0,
      "Inode": "49-16-0",
      "Size": 72,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$FILE_NAME",
@@ -222,7 +223,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 2,
      "Inode": "49-48-2",
      "Size": 96,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$DATA",
@@ -230,7 +232,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 1,
      "Inode": "49-128-1",
      "Size": 12,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA_INFORMATION",
@@ -238,7 +241,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 3,
      "Inode": "49-208-3",
      "Size": 8,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA",
@@ -246,7 +250,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 4,
      "Inode": "49-224-4",
      "Size": 10268,
-     "Name": ""
+     "Name": "",
+     "Resident": false
     }
    ],
    "Hardlinks": [
diff --git a/artifacts/testdata/server/testcases/ntfs_ea.out.yaml b/artifacts/testdata/server/testcases/ntfs_ea.out.yaml
index edc54260cce..4f696f9ac33 100644
--- a/artifacts/testdata/server/testcases/ntfs_ea.out.yaml
+++ b/artifacts/testdata/server/testcases/ntfs_ea.out.yaml
@@ -35,7 +35,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 0,
      "Inode": "37-16-0",
      "Size": 72,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$FILE_NAME",
@@ -43,7 +44,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 2,
      "Inode": "37-48-2",
      "Size": 98,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$DATA",
@@ -51,7 +53,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 1,
      "Inode": "37-128-1",
      "Size": 14,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA_INFORMATION",
@@ -59,7 +62,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 3,
      "Inode": "37-208-3",
      "Size": 8,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA",
@@ -67,7 +71,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 4,
      "Inode": "37-224-4",
      "Size": 92,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     }
    ],
    "Hardlinks": [
@@ -88,7 +93,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
    "Id": 4,
    "Inode": "37-224-4",
    "Size": 92,
-   "Name": ""
+   "Name": "",
+   "Resident": true
   },
   "_Source": "Windows.NTFS.ExtendedAttributes"
  },
@@ -128,7 +134,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 0,
      "Inode": "37-16-0",
      "Size": 72,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$FILE_NAME",
@@ -136,7 +143,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 2,
      "Inode": "37-48-2",
      "Size": 98,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$DATA",
@@ -144,7 +152,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 1,
      "Inode": "37-128-1",
      "Size": 14,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA_INFORMATION",
@@ -152,7 +161,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 3,
      "Inode": "37-208-3",
      "Size": 8,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA",
@@ -160,7 +170,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 4,
      "Inode": "37-224-4",
      "Size": 92,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     }
    ],
    "Hardlinks": [
@@ -181,7 +192,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
    "Id": 4,
    "Inode": "37-224-4",
    "Size": 92,
-   "Name": ""
+   "Name": "",
+   "Resident": true
   },
   "_Source": "Windows.NTFS.ExtendedAttributes"
  }
@@ -222,7 +234,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 0,
      "Inode": "49-16-0",
      "Size": 72,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$FILE_NAME",
@@ -230,7 +243,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 2,
      "Inode": "49-48-2",
      "Size": 96,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$DATA",
@@ -238,7 +252,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 1,
      "Inode": "49-128-1",
      "Size": 12,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA_INFORMATION",
@@ -246,7 +261,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 3,
      "Inode": "49-208-3",
      "Size": 8,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$EA",
@@ -254,7 +270,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 4,
      "Inode": "49-224-4",
      "Size": 10268,
-     "Name": ""
+     "Name": "",
+     "Resident": false
     }
    ],
    "Hardlinks": [
@@ -275,7 +292,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
    "Id": 4,
    "Inode": "49-224-4",
    "Size": 10268,
-   "Name": ""
+   "Name": "",
+   "Resident": false
   },
   "_Source": "Windows.NTFS.ExtendedAttributes"
  }
diff --git a/artifacts/testdata/server/testcases/remapping.out.yaml b/artifacts/testdata/server/testcases/remapping.out.yaml
index 921273fa1c9..2c0551adea9 100644
--- a/artifacts/testdata/server/testcases/remapping.out.yaml
+++ b/artifacts/testdata/server/testcases/remapping.out.yaml
@@ -127,7 +127,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 0,
      "Inode": "46-16-0",
      "Size": 72,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$FILE_NAME",
@@ -135,7 +136,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 3,
      "Inode": "46-48-3",
      "Size": 124,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$OBJECT_ID",
@@ -143,7 +145,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 4,
      "Inode": "46-64-4",
      "Size": 16,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$DATA",
@@ -151,7 +154,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 1,
      "Inode": "46-128-1",
      "Size": 12,
-     "Name": ""
+     "Name": "",
+     "Resident": true
     },
     {
      "Type": "$DATA",
@@ -159,7 +163,8 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
      "Id": 5,
      "Inode": "46-128-5",
      "Size": 20,
-     "Name": "goodbye.txt"
+     "Name": "goodbye.txt",
+     "Resident": true
     }
    ],
    "Hardlinks": [
@@ -190,9 +195,16 @@ LET _ <= remap(config=format(format=RemappingTemplate, args=[ srcDir+'/artifacts
  }
 ]SELECT * FROM parse_ntfs_ranges(accessor='ntfs', device='c:/$MFT', inode="46-128-5")[
  {
-  "Offset": 0,
+  "Type": "MappedReader",
+  "Level": 0,
+  "FromOffset": 0,
+  "ToOffset": 0,
   "Length": 20,
-  "IsSparse": false
+  "CompressedLength": 0,
+  "IsSparse": false,
+  "ClusterSize": 1,
+  "Reader": "*bytes.Reader",
+  "String": " 0 MappedReader: FileOffset 0 -\u003e DiskOffset 0 (Length 20,  Cluster 1) Delegate *bytes.Reader"
  }
 ]SELECT OSPath FROM glob(accessor='registry', globs="/HKLM/*/xbox*")[
  {
diff --git a/bin/rsrc_windows_386.syso b/bin/rsrc_windows_386.syso
index 76728c1a19e419cc434372050ca877726373017d..291930b85d3117f9c2e7afa85f182839f868441b 100644
GIT binary patch
delta 163
zcmaDff$>m3BbN^&BLfJmai7Q~#pU77z+eO9wYYE8Q(_d1VFt^A2@Pik2I<X-jEn6U
zV<xjY=<|92g+Y43^khc|dB$Cn6CIQpr%i5kIL~avz&SbGQI_9;L65<l!3ao#ScaR6
g9c>wz&47}dofI)7FFT!P+??oon2C{LvXX}b0MHm9h5!Hn

delta 316
zcmX@q&-iEpBbN^&BLfKdcueGy;(FoEz+eO9sd#MEQ(_dfVFt^A2@YolhI^Y685i3z
z+DvA3(C0-+0a=qB9po8jO-^)BW-OcB>TsS}iGgu)xTEam7DpRKW;Gz^u#@8EFHWZz
z>lGAiic1R$@{3ARQ~ZM!JX36ystwc3%*~R`&2%jcQVn%YjEpUHElrb>bS;ci4ARU}
z3{n!!EoznY?YI=c0Mh`IM58n#i&SG>Q{yB{T@w=%L*1lA%VgaYGs_f{M3Y3bRAZ<C
zRya&BHZ?T1NU}`SHBGTJ(=|y;O3}4QHA>M<G%_(UFfuYtvozkk#pNv1<Q8{300lx(
A1ONa4

diff --git a/bin/rsrc_windows_amd64.syso b/bin/rsrc_windows_amd64.syso
index 8c463529b9673f655d8abb008c6f31ef678a829a..6d127526fcf3248561fc553c6b62ec5f3873aae9 100644
GIT binary patch
delta 163
zcmaDff$>m3BUefrBLfJmai7Q~#pU77z+eO9wYYE8Q(_d1VFt^A2@Pik2I<X-jEn6U
zV<xjY=<|92g+Y43^khc|dB$Cn6CIQpr%i5kIL~avz&SbGQI_9;L65<l!3ao#ScaR6
g9c>wz&47}dofI)7FFT!P+??oon2C{LvXX}b0547<BLDyZ

delta 316
zcmX@q&-iEpBUefrBLfKdcueGy;(FoEz+eO9sd#MEQ(_dfVFt^A2@YolhI^Y685i3z
z+DvA3(C0-+0a=qB9po8jO-^)BW-OcB>TsS}iGgu)xTEam7DpRKW;Gz^u#@8EFHWZz
z>lGAiic1R$@{3ARQ~ZM!JX36ystwc3%*~R`&2%jcQVn%YjEpUHElrb>bS;ci4ARU}
z3{n!!EoznY?YI=c0Mh`IM58n#i&SG>Q{yB{T@w=%L*1lA%VgaYGs_f{M3Y3bRAZ<C
zRya&BHZ?T1NU}`SHBGTJ(=|y;O3}4QHA>M<G%_(UFfuYtvozkk#pNv1<Q8{30Kz^|
Ap#T5?

diff --git a/docs/winres/winres.json b/docs/winres/winres.json
index 81d6b4cc24e..7e695c550fd 100644
--- a/docs/winres/winres.json
+++ b/docs/winres/winres.json
@@ -11,10 +11,10 @@
       "0409": {
         "identity": {
           "name": "",
-          "version": ""
+          "version": "0.72.0.1"
         },
         "description": "Velociraptor: Digging deeper!",
-        "minimum-os": "win7",
+        "minimum-os": "win10",
         "execution-level": "highest",
         "ui-access": false,
         "auto-elevate": false,
@@ -35,22 +35,22 @@
     "#1": {
       "0000": {
         "fixed": {
-          "file_version": "0.0.0.0",
-          "product_version": "0.0.0.0"
+          "file_version": "0.72.0.1",
+          "product_version": "0.72.0.1"
         },
         "info": {
           "0409": {
             "Comments": "",
             "CompanyName": "Rapid 7 Inc",
             "FileDescription": "Velociraptor: Digging Deeper!",
-            "FileVersion": "",
+            "FileVersion": "0.72.0.1",
             "InternalName": "",
             "LegalCopyright": "Rapid 7 Inc",
             "LegalTrademarks": "",
             "OriginalFilename": "Velociraptor.exe",
             "PrivateBuild": "",
             "ProductName": "Velociraptor",
-            "ProductVersion": "",
+            "ProductVersion": "0.72.0.1",
             "SpecialBuild": ""
           }
         }
diff --git a/docs/winres/winres_template.json b/docs/winres/winres_template.json
new file mode 100644
index 00000000000..c7247fa6004
--- /dev/null
+++ b/docs/winres/winres_template.json
@@ -0,0 +1,60 @@
+{
+  "RT_GROUP_ICON": {
+    "APP": {
+      "0000": [
+        "icon.png"
+      ]
+    }
+  },
+  "RT_MANIFEST": {
+    "#1": {
+      "0409": {
+        "identity": {
+          "name": "",
+          "version": "0.0.0.0"
+        },
+        "description": "Velociraptor: Digging deeper!",
+        "minimum-os": "win10",
+        "execution-level": "highest",
+        "ui-access": false,
+        "auto-elevate": false,
+        "dpi-awareness": "system",
+        "disable-theming": false,
+        "disable-window-filtering": false,
+        "high-resolution-scrolling-aware": false,
+        "ultra-high-resolution-scrolling-aware": false,
+        "long-path-aware": true,
+        "printer-driver-isolation": false,
+        "gdi-scaling": false,
+        "segment-heap": false,
+        "use-common-controls-v6": false
+      }
+    }
+  },
+  "RT_VERSION": {
+    "#1": {
+      "0000": {
+        "fixed": {
+          "file_version": "0.0.0.0",
+          "product_version": "0.0.0.0"
+        },
+        "info": {
+          "0409": {
+            "Comments": "",
+            "CompanyName": "Rapid 7 Inc",
+            "FileDescription": "Velociraptor: Digging Deeper!",
+            "FileVersion": "0.0.0.0",
+            "InternalName": "",
+            "LegalCopyright": "Rapid 7 Inc",
+            "LegalTrademarks": "",
+            "OriginalFilename": "Velociraptor.exe",
+            "PrivateBuild": "",
+            "ProductName": "Velociraptor",
+            "ProductVersion": "0.0.0.0",
+            "SpecialBuild": ""
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/go.mod b/go.mod
index a00eff7d17d..1b11bda5202 100644
--- a/go.mod
+++ b/go.mod
@@ -95,7 +95,7 @@ require (
 	howett.net/plist v1.0.0
 	www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e
 	www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b
-	www.velocidex.com/golang/go-ntfs v0.1.2-0.20231201083609-cc79ced94180
+	www.velocidex.com/golang/go-ntfs v0.1.2-0.20240318162710-3e30ae29762c
 	www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3
 	www.velocidex.com/golang/go-prefetch v0.0.0-20220801101854-338dbe61982a
 	www.velocidex.com/golang/oleparse v0.0.0-20230217092320-383a0121aafe
diff --git a/go.sum b/go.sum
index d48a38f55ce..3c353febaa2 100644
--- a/go.sum
+++ b/go.sum
@@ -1334,6 +1334,8 @@ www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b h1:3pFfQuY3
 www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b/go.mod h1:6fC9T6UGLbM7icuA0ugomU5HbFC5XA5I30zlWtZT8YE=
 www.velocidex.com/golang/go-ntfs v0.1.2-0.20231201083609-cc79ced94180 h1:W2GJtqW0ardE+6phBbPK1023MT7onFwh/GSjwtbLc5E=
 www.velocidex.com/golang/go-ntfs v0.1.2-0.20231201083609-cc79ced94180/go.mod h1:itvbHQcnLdTVIDY6fI3lR0zeBwXwBYBdUFtswE0x1vc=
+www.velocidex.com/golang/go-ntfs v0.1.2-0.20240318162710-3e30ae29762c h1:5SadYJv8ARulOb9qRR7JXlHu7tP5jlW0q0ig9j/5da4=
+www.velocidex.com/golang/go-ntfs v0.1.2-0.20240318162710-3e30ae29762c/go.mod h1:itvbHQcnLdTVIDY6fI3lR0zeBwXwBYBdUFtswE0x1vc=
 www.velocidex.com/golang/go-pe v0.1.1-0.20220107093716-e91743c801de/go.mod h1:j9Xy8Z9wxzY2SCB8CqDkkoSzy+eUwevnOrRm/XM2q/A=
 www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3 h1:W394TEIFuHFxHY8mzTJPHI5v+M+NLKEHmHn7KY/VpEM=
 www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3/go.mod h1:agYwYzeeytVtdwkRrvxZAjgIA8SCeM/Tg7Ym2/jBwmA=
diff --git a/magefile.go b/magefile.go
index 7b95383c7f9..b60eb0779ab 100644
--- a/magefile.go
+++ b/magefile.go
@@ -1,4 +1,5 @@
-//+build mage
+//go:build mage
+// +build mage
 
 /*
    Velociraptor - Dig Deeper
@@ -22,12 +23,14 @@ package main
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"runtime"
+	"strconv"
 	"strings"
 	"time"
 
@@ -185,6 +188,11 @@ func Release() error {
 		return err
 	}
 
+	err = UpdateVersionInfo()
+	if err != nil {
+		return err
+	}
+
 	err = build_gui_files()
 	if err != nil {
 		return err
@@ -520,7 +528,7 @@ func replace_string_in_file(filename string, old string, new string) error {
 		return err
 	}
 	newContents := strings.Replace(string(read), old, new, -1)
-	return ioutil.WriteFile(filename, []byte(newContents), 0)
+	return ioutil.WriteFile(filename, []byte(newContents), 0644)
 }
 
 func timestamp_of(path string) int64 {
@@ -566,8 +574,59 @@ func UpdateDependentTools() error {
 
 	data = bytes.ReplaceAll(data, []byte("<VERSION>"), []byte(constants.VERSION))
 	data = bytes.ReplaceAll(data, []byte("<VERSION_BARE>"),
-		[]byte(fmt.Sprintf("%d.%d.%d", v.Major(), v.Minor(), v.Patch())))
+		[]byte(fmt.Sprintf("%d.%d", v.Major(), v.Minor())))
 
 	_, err = outfd.Write(data)
 	return err
 }
+
+func UpdateVersionInfo() error {
+	read, err := ioutil.ReadFile("docs/winres/winres_template.json")
+	if err != nil {
+		return err
+	}
+
+	v, err := semver.NewVersion(constants.VERSION)
+	if err != nil {
+		return err
+	}
+
+	var prerelease int64
+	prerelease_str := v.Prerelease()
+	if prerelease_str != "" {
+		if !strings.HasPrefix(prerelease_str, "rc") {
+			return errors.New("Prerelease version should start with rc")
+		}
+
+		prerelease, err = strconv.ParseInt(prerelease_str[2:], 0, 0)
+		if err != nil {
+			return errors.New("Prerelease version should start with rc followed by numbers")
+		}
+	}
+
+	version := fmt.Sprintf("%d.%d.%d.%d", v.Major(), v.Minor(),
+		v.Patch(), prerelease)
+	newContents := strings.Replace(string(read), "0.0.0.0", version, -1)
+	err = ioutil.WriteFile("docs/winres/winres.json",
+		[]byte(newContents), 0644)
+	if err != nil {
+		return err
+	}
+
+	command := []string{"make",
+		"--in", "docs/winres/winres.json", "--out", "bin/rsrc"}
+
+	err = sh.Run("go-winres", command...)
+	if err != nil {
+		err = sh.Run(mg.GoCmd(), "install", "github.com/tc-hib/go-winres@d743268d7ea168077ddd443c4240562d4f5e8c3e")
+		if err != nil {
+			return err
+		}
+
+		err = sh.Run("go-winres", command...)
+
+		return err
+	}
+
+	return nil
+}
diff --git a/vql/parsers/ntfs.go b/vql/parsers/ntfs.go
index 7977a0759e0..d98b34a55d5 100644
--- a/vql/parsers/ntfs.go
+++ b/vql/parsers/ntfs.go
@@ -1,19 +1,19 @@
 /*
-   Velociraptor - Dig Deeper
-   Copyright (C) 2019-2024 Rapid7 Inc.
+Velociraptor - Dig Deeper
+Copyright (C) 2019-2024 Rapid7 Inc.
 
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU Affero General Public License as published
-   by the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
 
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Affero General Public License for more details.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
 
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 package parsers
 
@@ -23,6 +23,7 @@ import (
 	"strings"
 
 	"github.com/Velocidex/ordereddict"
+	"www.velocidex.com/golang/go-ntfs/parser"
 	ntfs "www.velocidex.com/golang/go-ntfs/parser"
 	"www.velocidex.com/golang/velociraptor/accessors"
 	"www.velocidex.com/golang/velociraptor/accessors/ntfs/readers"
@@ -368,7 +369,7 @@ func (self NTFSRangesPlugin) Call(
 			return
 		}
 
-		for _, rng := range reader.Ranges() {
+		for _, rng := range parser.DebugRuns(reader, 0) {
 			select {
 			case <-ctx.Done():
 				return