chore(release): bump version to 1.4.0

Author: 8damon

resx-vscode/package-lock.json

@@ -2,7 +2,7 @@
   "name": "resx-vscode",
   "displayName": "RESX Binary Viewer",
   "description": "VS Code PE and Windows binary analysis viewer for EXE, DLL, and SYS files powered by RESX",
-  "version": "1.0.3",
+  "version": "1.4.0",
   "publisher": "titan-softwork-solutions",
   "license": "UNLICENSED",
   "repository": {

resx-vscode/package.json

@@ -1,6 +1,6 @@
 [package]
 name = "resx"
-version = "1.0.3"
+version = "1.4.0"
 edition = "2021"
 authors = ["TITAN Softwork Solutions"]
 description = "Windows binary recon CLI for exports, PDB-backed symbols, CFG recovery, and triage"

resx/Cargo.toml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-  <assemblyIdentity version="1.0.3.0" processorArchitecture="*" name="TITANSoftworkSolutions.RESX" type="win32" />
+  <assemblyIdentity version="1.4.0.0" processorArchitecture="*" name="TITANSoftworkSolutions.RESX" type="win32" />
   <description>Windows binary recon CLI for exports, PDB-backed symbols, CFG recovery, and triage</description>
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
     <security>

resx/resx.manifest

@@ -154,7 +154,11 @@ fn read_import_slots(
     let ptr_size = if pe.arch == 64 { 8u32 } else { 4u32 };
     let ord_flag_64 = 1u64 << 63;
     let ord_flag_32 = 1u64 << 31;
-    let name_mask = if pe.arch == 64 { ord_flag_64 - 1 } else { ord_flag_32 - 1 };
+    let name_mask = if pe.arch == 64 {
+        ord_flag_64 - 1
+    } else {
+        ord_flag_32 - 1
+    };
 
     loop {
         if off + 20 > raw.len() {

resx/src/analysis/follow/scan.rs

@@ -284,7 +284,8 @@ pub fn run(
                 current_syscall: None,
                 explain: None,
             };
-            let json = serde_json::to_string_pretty(&versioned_object("dump", &result)).unwrap_or_default();
+            let json = serde_json::to_string_pretty(&versioned_object("dump", &result))
+                .unwrap_or_default();
             writeln!(w, "{}", json).ok();
         }
         return Ok(());
@@ -467,7 +468,14 @@ pub fn run(
         }
     }
     let xrefs = if cfg.show_xrefs {
-        let x = find_xrefs(&raw, &pe, &exports, Some(&symbol_index), target_rva, &resolved_name);
+        let x = find_xrefs(
+            &raw,
+            &pe,
+            &exports,
+            Some(&symbol_index),
+            target_rva,
+            &resolved_name,
+        );
         progress.tick("collecting cross references");
         x
     } else {
@@ -848,7 +856,8 @@ pub fn run(
             }),
             explain: explain_result,
         };
-        let json = serde_json::to_string_pretty(&versioned_object("dump", &result)).unwrap_or_default();
+        let json =
+            serde_json::to_string_pretty(&versioned_object("dump", &result)).unwrap_or_default();
         writeln!(w, "{}", json).ok();
     }
 

resx/src/commands/dump/mod.rs

@@ -13,7 +13,8 @@ pub fn run(term: &str, cfg: &Config, w: &mut dyn Write, c: &Colors) -> Result<()
 
     let result = explain_symbol(query, config_mode(cfg));
     if cfg.json {
-        let out = serde_json::to_string_pretty(&versioned_object("explain", &result)).unwrap_or_default();
+        let out =
+            serde_json::to_string_pretty(&versioned_object("explain", &result)).unwrap_or_default();
         writeln!(w, "{}", out).ok();
     } else {
         print_explain_text(w, &result, c, false);

resx/src/commands/explain.rs

@@ -121,7 +121,8 @@ pub fn run(
         writeln!(
             w,
             "{}",
-            serde_json::to_string_pretty(&versioned_object("callers", node_to_json(&root))).unwrap_or_default()
+            serde_json::to_string_pretty(&versioned_object("callers", node_to_json(&root)))
+                .unwrap_or_default()
         )
         .ok();
     } else {

resx/src/commands/follow.rs

@@ -166,7 +166,12 @@ pub fn assess_build(
         &["__rust_alloc", "__rust_dealloc", "__rust_panic_cleanup"],
     );
     if rust_markers {
-        push_candidate(&mut langs, "Rust", 100, "Rust runtime strings/symbols detected");
+        push_candidate(
+            &mut langs,
+            "Rust",
+            100,
+            "Rust runtime strings/symbols detected",
+        );
         push_candidate(
             &mut tools,
             "rustc / Cargo",
@@ -178,7 +183,13 @@ pub fn assess_build(
     if contains_prefix(&import_dlls, "python")
         || strings_contains_any(
             &strings,
-            &["pyi_rth_", "pyimod", "meipass", "pyinstaller", "python3.dll"],
+            &[
+                "pyi_rth_",
+                "pyimod",
+                "meipass",
+                "pyinstaller",
+                "python3.dll",
+            ],
         )
     {
         push_candidate(
@@ -196,7 +207,11 @@ pub fn assess_build(
     }
     if strings_contains_any(
         &strings,
-        &["nuitka", "__nuitka_binary_dir", "onefile_child_grace_time_int"],
+        &[
+            "nuitka",
+            "__nuitka_binary_dir",
+            "onefile_child_grace_time_int",
+        ],
     ) {
         push_candidate(&mut tools, "Nuitka", 95, "Nuitka loader markers detected");
         push_candidate(
@@ -210,13 +225,23 @@ pub fn assess_build(
         push_candidate(&mut tools, "py2exe", 90, "py2exe bundle markers detected");
     }
     if strings_contains_any(&strings, &["cx_freeze", "initscripts\\console"]) {
-        push_candidate(&mut tools, "cx_Freeze", 90, "cx_Freeze bundle markers detected");
+        push_candidate(
+            &mut tools,
+            "cx_Freeze",
+            90,
+            "cx_Freeze bundle markers detected",
+        );
     }
 
     if contains_any(&import_dlls, &["node.dll", "libnode.dll", "chrome_elf.dll"])
         || strings_contains_any(
             &strings,
-            &["electron.asar", "app.asar", "crashpad_handler", "resources.pak"],
+            &[
+                "electron.asar",
+                "app.asar",
+                "crashpad_handler",
+                "resources.pak",
+            ],
         )
     {
         push_candidate(
@@ -419,7 +444,10 @@ pub fn assess_build(
 
 fn apply_rust_crate_heuristics(list: &mut Vec<(&'static str, Candidate)>, strings: &[String]) {
     let crate_markers: [(&str, &[&str]); 13] = [
-        ("Tokio", &["tokio::", "tokio-runtime-worker", "tokio::runtime"]),
+        (
+            "Tokio",
+            &["tokio::", "tokio-runtime-worker", "tokio::runtime"],
+        ),
         ("Serde", &["serde::", "serde_json::", "serde_yaml::"]),
         ("Reqwest", &["reqwest::", "hyper::client"]),
         ("Hyper", &["hyper::", "h2::proto"]),
@@ -428,7 +456,10 @@ fn apply_rust_crate_heuristics(list: &mut Vec<(&'static str, Candidate)>, string
         ("Rusqlite", &["rusqlite::", "libsqlite3-sys"]),
         ("Clap", &["clap::", "clap_builder::"]),
         ("Anyhow", &["anyhow::", "thiserror::"]),
-        ("Tracing", &["tracing::", "tracing_subscriber::", "env_logger::"]),
+        (
+            "Tracing",
+            &["tracing::", "tracing_subscriber::", "env_logger::"],
+        ),
         ("Regex", &["regex::", "regex-automata::"]),
         ("Rayon", &["rayon::", "rayon-core::"]),
         ("Egui", &["egui::", "eframe::", "epaint::"]),
@@ -452,19 +483,47 @@ fn apply_component_heuristics(
     strings: &[String],
 ) {
     let dll_components: [(&str, &[&str], &str); 13] = [
-        ("OpenSSL", &["libssl", "libcrypto", "ssleay32", "libeay32"], "OpenSSL import DLL detected"),
-        ("libcurl", &["libcurl", "curl.dll"], "libcurl import DLL detected"),
+        (
+            "OpenSSL",
+            &["libssl", "libcrypto", "ssleay32", "libeay32"],
+            "OpenSSL import DLL detected",
+        ),
+        (
+            "libcurl",
+            &["libcurl", "curl.dll"],
+            "libcurl import DLL detected",
+        ),
         ("SQLite", &["sqlite3.dll"], "SQLite import DLL detected"),
-        ("zlib", &["zlib1.dll", "zlibwapi.dll"], "zlib import DLL detected"),
-        ("Qt", &["qt5core.dll", "qt6core.dll", "qt5gui.dll", "qt6gui.dll"], "Qt runtime import DLL detected"),
+        (
+            "zlib",
+            &["zlib1.dll", "zlibwapi.dll"],
+            "zlib import DLL detected",
+        ),
+        (
+            "Qt",
+            &["qt5core.dll", "qt6core.dll", "qt5gui.dll", "qt6gui.dll"],
+            "Qt runtime import DLL detected",
+        ),
         ("SDL2", &["sdl2.dll"], "SDL2 import DLL detected"),
         ("GLFW", &["glfw3.dll"], "GLFW import DLL detected"),
         ("Vulkan", &["vulkan-1.dll"], "Vulkan loader detected"),
         ("OpenGL", &["opengl32.dll"], "OpenGL import detected"),
-        ("Direct3D", &["d3d11.dll", "d3d12.dll", "dxgi.dll"], "Direct3D import detected"),
+        (
+            "Direct3D",
+            &["d3d11.dll", "d3d12.dll", "dxgi.dll"],
+            "Direct3D import detected",
+        ),
         ("libuv", &["libuv.dll"], "libuv import DLL detected"),
-        ("wxWidgets", &["wxmsw", "wxbase"], "wxWidgets import DLL detected"),
-        ("OpenCV", &["opencv_world", "opencv_core"], "OpenCV import DLL detected"),
+        (
+            "wxWidgets",
+            &["wxmsw", "wxbase"],
+            "wxWidgets import DLL detected",
+        ),
+        (
+            "OpenCV",
+            &["opencv_world", "opencv_core"],
+            "OpenCV import DLL detected",
+        ),
     ];
 
     for (label, needles, evidence) in dll_components {
@@ -476,7 +535,10 @@ fn apply_component_heuristics(
     if strings_contains_any(strings, &["webview2", "msedgewebview2", "icorewebview2"]) {
         push_candidate(list, "WebView2", 80, "WebView2 strings detected");
     }
-    if strings_contains_any(strings, &["openssl/", "libcurl/", "sqlite format 3", "zlib"]) {
+    if strings_contains_any(
+        strings,
+        &["openssl/", "libcurl/", "sqlite format 3", "zlib"],
+    ) {
         if strings_contains_any(strings, &["openssl/"]) {
             push_candidate(list, "OpenSSL", 55, "OpenSSL version string detected");
         }
@@ -520,16 +582,31 @@ fn apply_packer_heuristics(
         || has_section(sections, ".themida")
         || strings_contains_any(strings, &["vmprotect", "themida"])
     {
-        push_candidate(list, "VMProtect / Themida", 95, "VMProtect/Themida markers detected");
+        push_candidate(
+            list,
+            "VMProtect / Themida",
+            95,
+            "VMProtect/Themida markers detected",
+        );
     }
     if has_section(sections, ".enigma1")
         || has_section(sections, ".enigma2")
         || strings_contains_any(strings, &["the enigma protector"])
     {
-        push_candidate(list, "Enigma Protector", 95, "Enigma Protector markers detected");
+        push_candidate(
+            list,
+            "Enigma Protector",
+            95,
+            "Enigma Protector markers detected",
+        );
     }
     if strings_contains_any(strings, &["pyinstaller"]) {
-        push_candidate(list, "PyInstaller", 85, "PyInstaller one-file markers detected");
+        push_candidate(
+            list,
+            "PyInstaller",
+            85,
+            "PyInstaller one-file markers detected",
+        );
     }
 
     let high_entropy_exec = pe

resx/src/commands/peinfo/detect.rs

@@ -78,7 +78,14 @@ pub fn run(dll_arg: &str, cfg: &Config, w: &mut dyn Write, c: &Colors) -> Result
 
     let known_names = collect_known_names(&file_name, &metadata);
     let image_kind = detect_image_kind(&pe, &file_name);
-    let assessment = assess_build(&pe, &raw, &imports, &debug, clr.as_ref(), load_config.as_ref());
+    let assessment = assess_build(
+        &pe,
+        &raw,
+        &imports,
+        &debug,
+        clr.as_ref(),
+        load_config.as_ref(),
+    );
     let veh_imports = detect_veh_imports(&imports);
     let startup_routines = find_startup_routines(&pe, &raw);