dissect.util 3.23.dev12__pp311-pypy311_pp73-win_amd64.whl

dissect/util/tools/dump_nskeyedarchiver.py

@@ -0,0 +1,61 @@
+from __future__ import annotations
+
+import argparse
+from typing import Any
+
+from dissect.util.plist import NSKeyedArchiver, NSObject
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser()
+    parser.add_argument("file", type=argparse.FileType("rb"), help="NSKeyedArchiver plist file to dump")
+    args = parser.parse_args()
+
+    with args.file as fh:
+        try:
+            obj = NSKeyedArchiver(fh)
+        except ValueError as e:
+            parser.exit(str(e))
+
+        print(obj)
+        print_object(obj.top)
+
+
+def print_object(obj: Any, indent: int = 0, seen: set | None = None) -> None:
+    if seen is None:
+        seen = set()
+
+    try:
+        if obj in seen:
+            print(fmt(f"Recursive -> {obj}", indent))
+            return
+    except Exception:
+        pass
+
+    if isinstance(obj, list):
+        for i, v in enumerate(obj):
+            print(fmt(f"[{i}]:", indent))
+            print_object(v, indent + 1, seen)
+
+    elif isinstance(obj, dict | NSObject):
+        if isinstance(obj, NSObject):
+            print(fmt(obj, indent))
+            try:
+                seen.add(obj)
+            except TypeError:
+                pass
+
+        for k in sorted(obj.keys()):
+            print(fmt(f"{k}:", indent + 1))
+            print_object(obj[k], indent + 2, seen)
+
+    else:
+        print(fmt(obj, indent))
+
+
+def fmt(obj: Any, indent: int) -> str:
+    return f"{' ' * (indent * 4)}{obj}"
+
+
+if __name__ == "__main__":
+    main()

dissect/util/ts.py

@@ -0,0 +1,295 @@
+from __future__ import annotations
+
+import struct
+from datetime import datetime, timedelta, timezone
+
+# Python on Windows and WASM (Emscripten) have problems calculating timestamps before 1970 (Unix epoch)
+# Calculating relatively from the epoch is required on these platforms
+# This method is slower, so we split the implementation between Windows, WASM and other platforms
+# This used to be a platform comparison, but that was not reliable enough, so ducktype it instead
+try:
+    datetime.fromtimestamp(-6969696969, tz=timezone.utc)
+
+    def _calculate_timestamp(ts: float) -> datetime:
+        """Calculate timestamps normally."""
+        return datetime.fromtimestamp(ts, tz=timezone.utc)
+except (OSError, OverflowError):
+    _EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
+
+    def _calculate_timestamp(ts: float) -> datetime:
+        """Calculate timestamps relative from Unix epoch."""
+        return _EPOCH + timedelta(seconds=ts)
+
+
+def now() -> datetime:
+    """Return an aware datetime object of the current time in UTC."""
+    return datetime.now(timezone.utc)
+
+
+def unix_now() -> int:
+    """Return a Unix timestamp of the current time."""
+    return to_unix(now())
+
+
+def unix_now_ms() -> int:
+    """Return a Unix millisecond timestamp of the current time."""
+    return to_unix_ms(now())
+
+
+def unix_now_us() -> int:
+    """Return a Unix microsecond timestamp of the current time."""
+    return to_unix_us(now())
+
+
+def unix_now_ns() -> int:
+    """Return a Unix nanosecond timestamp of the current time."""
+    return to_unix_ns(now())
+
+
+def to_unix(dt: datetime) -> int:
+    """Converts datetime objects into Unix timestamps.
+
+    This is a convenience method.
+
+    Args:
+        dt: The datetime object.
+
+    Returns:
+        Unix timestamp from the passed datetime object.
+    """
+    return int(dt.timestamp())
+
+
+def to_unix_ms(dt: datetime) -> int:
+    """Converts datetime objects into Unix millisecond timestamps.
+
+    This is a convenience method.
+
+    Args:
+        dt: The datetime object.
+
+    Returns:
+        Unix millisecond timestamp from the passed datetime object.
+    """
+    return int(dt.timestamp() * 1e3)
+
+
+def to_unix_us(dt: datetime) -> int:
+    """Converts datetime objects into Unix microsecond timestamps.
+
+    This is a convenience method.
+
+    Args:
+        dt: The datetime object.
+
+    Returns:
+        Unix microsecond timestamp from the passed datetime object.
+    """
+    return int(dt.timestamp() * 1e6)
+
+
+def to_unix_ns(dt: datetime) -> int:
+    """Converts datetime objects into Unix nanosecond timestamps.
+
+    This is a convenience method.
+
+    Args:
+        dt: The datetime object.
+
+    Returns:
+        Unix nanosecond timestamp from the passed datetime object.
+    """
+    return to_unix_us(dt) * 1000
+
+
+def from_unix(ts: float) -> datetime:
+    """Converts Unix timestamps to aware datetime objects in UTC.
+
+    This is a convenience method.
+
+    Args:
+        ts: The Unix timestamp.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return _calculate_timestamp(ts)
+
+
+def from_unix_ms(ts: float) -> datetime:
+    """Converts Unix timestamps in milliseconds to aware datetime objects in UTC.
+
+    Args:
+        ts: The Unix timestamp in milliseconds.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return from_unix(float(ts) * 1e-3)
+
+
+def from_unix_us(ts: float) -> datetime:
+    """Converts Unix timestamps in microseconds to aware datetime objects in UTC.
+
+    Args:
+        ts: The Unix timestamp in microseconds.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return from_unix(float(ts) * 1e-6)
+
+
+def from_unix_ns(ts: float) -> datetime:
+    """Converts Unix timestamps in nanoseconds to aware datetime objects in UTC.
+
+    Args:
+        ts: The Unix timestamp in nanoseconds.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return from_unix(float(ts) * 1e-9)
+
+
+def xfstimestamp(seconds: int, nano: int) -> datetime:
+    """Converts XFS timestamps to aware datetime objects in UTC.
+
+    Args:
+        seconds: The XFS timestamp seconds component
+        nano: The XFS timestamp nano seconds component
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return _calculate_timestamp(float(seconds) + (1e-9 * nano))
+
+
+ufstimestamp = xfstimestamp
+
+
+def wintimestamp(ts: int | tuple[int, int]) -> datetime:
+    """Converts Windows ``FILETIME`` timestamps to aware datetime objects in UTC.
+
+    Args:
+        ts: The Windows timestamp integer or a tuple of integers (``dwLowDateTime``, ``dwHighDateTime``)
+
+    Returns:
+        Datetime object from the passed timestamp.
+
+    Resources:
+        - https://learn.microsoft.com/en-us/windows/win32/api/minwinbase/ns-minwinbase-filetime
+    """
+    if isinstance(ts, tuple):
+        if len(ts) != 2:
+            raise ValueError(f"Expected (dwLowDateTime, dwHighDateTime) tuple but got {ts!r}")
+        ts = (ts[1] << 32) + ts[0]
+
+    return _calculate_timestamp(float(ts) * 1e-7 - 11_644_473_600)  # Thanks FireEye
+
+
+def oatimestamp(ts: float) -> datetime:
+    """Converts OLE Automation timestamps to aware datetime objects in UTC.
+
+    Args:
+        ts: The OLE Automation timestamp.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    if not isinstance(ts, float):
+        # Convert from int to float
+        (ts,) = struct.unpack("<d", struct.pack("<Q", ts & 0xFFFFFFFFFFFFFFFF))
+    return _calculate_timestamp((ts - 25569) * 86400)
+
+
+def webkittimestamp(ts: int) -> datetime:
+    """Converts WebKit timestamps to aware datetime objects in UTC.
+
+    Args:
+        ts: The WebKit timestamp.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return _calculate_timestamp(float(ts) * 1e-6 - 11644473600)
+
+
+def cocoatimestamp(ts: int) -> datetime:
+    """Converts Apple Cocoa Core Data timestamps to aware datetime objects in UTC.
+
+    Args:
+        ts: The Apple Cocoa Core Data timestamp.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return _calculate_timestamp(float(ts) + 978307200)
+
+
+def uuid1timestamp(ts: int) -> datetime:
+    """Converts UUID version 1 timestamps to aware datetime objects in UTC.
+
+    UUID v1 timestamps have an epoch of 1582-10-15 00:00:00.
+
+    Args:
+        ts: The UUID version 1 timestamp
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    return _calculate_timestamp(float(ts) * 1e-7 - 12219292800)
+
+
+DOS_EPOCH_YEAR = 1980
+
+
+def dostimestamp(ts: int, centiseconds: int = 0, swap: bool = False) -> datetime:
+    """Converts MS-DOS timestamps to naive datetime objects.
+
+    MS-DOS timestamps are recorded in local time, so we leave it up to the caller to add optional timezone information.
+
+    References:
+        - https://web.archive.org/web/20180311003959/http://www.vsft.com/hal/dostime.htm
+
+    Args:
+        ts: MS-DOS timestamp
+        centiseconds: Optional ExFAT centisecond offset. Yes centisecond...
+        swap: Optional swap flag if date and time bytes are swapped.
+
+    Returns:
+        Datetime object from the passed timestamp.
+    """
+    # MS-DOS Date Time Format is actually 2 UINT16_T's first 16 bits are the time, second 16 bits are date
+    # the year is an offset of the MS-DOS epoch year, which is 1980
+
+    if swap:
+        year = ((ts >> 9) & 0x7F) + DOS_EPOCH_YEAR
+        month = (ts >> 5) & 0x0F
+        day = ts & 0x1F
+
+        hours = (ts >> 27) & 0x1F
+        minutes = (ts >> 21) & 0x3F
+        seconds = ((ts >> 16) & 0x1F) * 2
+    else:  # non-swapped way
+        year = ((ts >> 25) & 0x7F) + DOS_EPOCH_YEAR
+        month = (ts >> 21) & 0x0F
+        day = (ts >> 16) & 0x1F
+
+        hours = (ts >> 11) & 0x1F
+        minutes = (ts >> 5) & 0x3F
+        seconds = (ts & 0x1F) * 2
+
+    # Note that according to the standard, centiseconds can be at most 199, so
+    # extra_seconds will be at most 1.
+    extra_seconds, centiseconds = divmod(centiseconds, 100)
+    microseconds = centiseconds * 10000
+
+    return datetime(  # noqa: DTZ001
+        year,
+        month or 1,
+        day or 1,
+        hours,
+        minutes,
+        seconds + extra_seconds,
+        microseconds,
+    )

dissect/util/xmemoryview.py

@@ -0,0 +1,117 @@
+from __future__ import annotations
+
+import struct
+import sys
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
+
+def xmemoryview(view: bytes, format: str) -> memoryview | _xmemoryview:
+    """Cast a memoryview to the specified format, including endianness.
+
+    The regular ``memoryview.cast()`` method only supports host endianness. While that should be fine 99% of the time
+    (most of the world runs on little endian systems), we'd rather it be fine 100% of the time. This utility method
+    ensures that by transparently converting between endianness if it doesn't match the host endianness.
+
+    If the host endianness matches the requested endianness, this simply returns a regular ``memoryview.cast()``.
+
+    See ``memoryview.cast()`` for more details on what that actually does.
+
+    Args:
+        view: The bytes object or memoryview to cast.
+        format: The format to cast to in ``struct`` format syntax.
+
+    Raises:
+        ValueError: If the format is invalid.
+        TypeError: If the view is of an invalid type.
+    """
+    if len(format) != 2:
+        raise ValueError("Invalid format specification")
+
+    if isinstance(view, bytes | bytearray):
+        view = memoryview(view)
+
+    if not isinstance(view, memoryview):
+        raise TypeError("view must be a memoryview, bytes or bytearray object")
+
+    endian = format[0]
+    view = view.cast(format[1])
+
+    if (
+        endian in ("@", "=")
+        or (sys.byteorder == "little" and endian == "<")
+        or (sys.byteorder == "big" and endian in (">", "!"))
+    ):
+        # Native endianness, don't need to do anything
+        return view
+
+    # Non-native endianness
+    return _xmemoryview(view, format)
+
+
+class _xmemoryview:  # noqa: N801
+    """Wrapper for memoryview that converts between host and a different destination endianness.
+
+    Args:
+        view: The (already casted) memoryview to wrap.
+        format: The format to convert to.
+    """
+
+    def __init__(self, view: memoryview, format: str):
+        self._format = format
+
+        fmt = format[1]
+        self._view = view
+        self._struct_frm = struct.Struct(f"={fmt}")
+        self._struct_to = struct.Struct(format)
+
+    def tolist(self) -> list[int]:
+        return self._convert_from_native(self._view.tolist())
+
+    def _convert_from_native(self, value: list[int] | int) -> int:
+        if isinstance(value, list):
+            endian = self._format[0]
+            fmt = self._format[1]
+            pck = f"{len(value)}{fmt}"
+            return list(struct.unpack(f"{endian}{pck}", struct.pack(f"={pck}", *value)))
+        return self._struct_to.unpack(self._struct_frm.pack(value))[0]
+
+    def _convert_to_native(self, value: list[int] | int) -> int:
+        if isinstance(value, list):
+            endian = self._format[0]
+            fmt = self._format[1]
+            pck = f"{len(value)}{fmt}"
+            return list(struct.unpack(f"={pck}", struct.pack(f"{endian}{pck}", *value)))
+        return self._struct_frm.unpack(self._struct_to.pack(value))[0]
+
+    def __getitem__(self, idx: int | slice) -> int | bytes:
+        value = self._view[idx]
+        if isinstance(idx, int):
+            return self._convert_from_native(value)
+        if isinstance(idx, slice):
+            return _xmemoryview(self._view[idx], self._format)
+
+        raise TypeError("Invalid index type")
+
+    def __setitem__(self, idx: int | slice, value: list[int] | int) -> None:
+        if isinstance(idx, int | slice):
+            self._view[idx] = self._convert_to_native(value)
+        else:
+            raise TypeError("Invalid index type")
+
+    def __len__(self) -> int:
+        return len(self._view)
+
+    def __eq__(self, other: memoryview | _xmemoryview) -> bool:
+        if isinstance(other, _xmemoryview):
+            other = other._view
+        return self._view.__eq__(other)
+
+    def __iter__(self) -> Iterator[int]:
+        for value in self._view:
+            yield self._convert_from_native(value)
+
+    def __getattr__(self, attr: str) -> Any:
+        return getattr(self._view, attr)

dissect_util-3.23.dev12.dist-info/METADATA

@@ -0,0 +1,89 @@
+Metadata-Version: 2.4
+Name: dissect.util
+Version: 3.23.dev12
+Summary: A Dissect module implementing various utility functions for the other Dissect modules
+Author-email: Dissect Team <dissect@fox-it.com>
+License-Expression: Apache-2.0
+Project-URL: homepage, https://dissect.tools
+Project-URL: documentation, https://docs.dissect.tools/en/latest/projects/dissect.util
+Project-URL: repository, https://github.com/fox-it/dissect.util
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Internet :: Log Analysis
+Classifier: Topic :: Scientific/Engineering :: Information Analysis
+Classifier: Topic :: Security
+Classifier: Topic :: Utilities
+Requires-Python: >=3.10.0
+Description-Content-Type: text/markdown
+License-File: LICENSE
+License-File: COPYRIGHT
+Dynamic: license-file
+
+# dissect.util
+
+A Dissect module implementing various utility functions for the other Dissect modules. For more information, please see
+[the documentation](https://docs.dissect.tools/en/latest/projects/dissect.util/index.html).
+
+## Requirements
+
+This project is part of the Dissect framework and requires Python.
+
+Information on the supported Python versions can be found in the Getting Started section of [the documentation](https://docs.dissect.tools/en/latest/index.html#getting-started).
+
+## Installation
+
+`dissect.util` is available on [PyPI](https://pypi.org/project/dissect.util/).
+
+```bash
+pip install dissect.util
+```
+
+`dissect.util` includes both a pure Python implementation as well as a faster native Rust implementation of the LZ4 and LZO decompression algorithms.
+Pre-build wheels are available for most common platforms and the native implementation will automatically be used.
+In the rare case that a pre-build wheel is not available, the pure Python implementation will automatically be used instead.
+If you wish to build your own wheel in the case a pre-build one is not available for your platform, you can do so by running the following command:
+
+```bash
+tox -e build-native
+```
+
+Note that you'll need to bring your own Rust toolchain for the target platform you wish to build a wheel for. For example, using [rustup](https://rustup.rs).
+
+## Build and test instructions
+
+This project uses `tox` to build source and wheel distributions. Run the following command from the root folder to build
+these:
+
+```bash
+tox -e build
+```
+
+The build artifacts can be found in the `dist/` directory.
+
+`tox` is also used to run linting and unit tests in a self-contained environment. To run both linting and unit tests
+using the default installed Python version, run:
+
+```bash
+tox
+```
+
+For a more elaborate explanation on how to build and test the project, please see [the
+documentation](https://docs.dissect.tools/en/latest/contributing/tooling.html).
+
+## Contributing
+
+The Dissect project encourages any contribution to the codebase. To make your contribution fit into the project, please
+refer to [the development guide](https://docs.dissect.tools/en/latest/contributing/developing.html).
+
+## Copyright and license
+
+Dissect is released as open source by Fox-IT (<https://www.fox-it.com>) part of NCC Group Plc
+(<https://www.nccgroup.com>).
+
+Developed by the Dissect Team (<dissect@fox-it.com>) and made available at <https://github.com/fox-it/dissect>.
+
+License terms: Apache License 2.0 (<https://www.apache.org/licenses/LICENSE-2.0>). For more information, see the LICENSE file.

dissect_util-3.23.dev12.dist-info/RECORD

@@ -0,0 +1,43 @@
+dissect/util/__init__.py,sha256=2EmJK2xNRhU4r1ewXiqqNI5fb5ScklZrV5buMtwFoO8,321
+dissect/util/_build.py,sha256=oKs1ddUIdmhGC5BmtRZCdWdFpJv6mkubjQLSBfp4LSo,642
+dissect/util/_native.pypy311-pp73-win_amd64.pyd,sha256=R-0BxXl55Uh5vwMAz7SvR8c_w9WhxVPg6agnXecSLDA,246272
+dissect/util/cpio.py,sha256=D9FUMR-cxdyg1Sscry5PsGz6RPFcR5jDjx9FVBZxUSI,7802
+dissect/util/exceptions.py,sha256=Jbb9aXOQMp1-z_5mReptEZ9dNFbGzS3iiZ6d83Xu53U,81
+dissect/util/ldap.py,sha256=P1tIkEh64UeiD6j3bEU_-w_V5yB7n7W-yV-2fUB7TDQ,7601
+dissect/util/plist.py,sha256=NJzPwgqm-Z2FZvs1_5sG5orRWOcTj94RLS6u4bbpLpg,4707
+dissect/util/sid.py,sha256=OV-jEJxKcgrtqaMKL8KTwzJ-Z1ihnczKKN1gNrtVKP0,1608
+dissect/util/stream.py,sha256=VWsg9KPqgntYwLamkm6f55CaOTDs3JZwSot7vzrVA9Q,23784
+dissect/util/ts.py,sha256=iDSIXpp9zmKGLTUEIBrn_FVTQlUiV-6-9S2PwusqFg4,8498
+dissect/util/xmemoryview.py,sha256=C2_3hGSMHWgorQunnx7fy2Qo2ZVCstQgZR7RO4S_6_0,4202
+dissect/util/_native/__init__.pyi,sha256=UaRPrAxT1xeI8C9CWWtSCVgn_ln54V9BlWEr0oqKK7k,89
+dissect/util/_native/compression/__init__.pyi,sha256=0Lf8MLWvxxU6FvPO-7v7jHP-1w4I9y17ekCVWuoQ4ls,83
+dissect/util/_native/compression/lz4.pyi,sha256=V1ref_7dBUc1GQRuPeUnRooTuPUG2kiyKTuPqyJuZjY,184
+dissect/util/_native/compression/lzo.pyi,sha256=-Rpuc-O5qBOeUBIu3FpqkX4ltj5OUmtmcu7_l1IpODM,123
+dissect/util/_native/hash/__init__.py,sha256=ZX-FQAxBHhLiA5joncU5j2SxZNMVqv0UU4QCMJFrS0M,70
+dissect/util/_native/hash/crc32c.py,sha256=zZIqijdLzz6EOcs5qft3Ku0My2vgq7tZsm7qIocxgYE,100
+dissect/util/compression/__init__.py,sha256=hESjRzmD37Rg80d2ICRwBQTL2XMPaBUZjRPMP7lsnsY,1326
+dissect/util/compression/lz4.py,sha256=AzzuEUAgscvUqlnWZd2hiOaTh8Z7Rx-gWjrWukwe5y4,2846
+dissect/util/compression/lzbitmap.py,sha256=NgwrwkmZtUHPZm61ru3Hf5Yd9xTRQf07brvf1PdXItM,4630
+dissect/util/compression/lzfse.py,sha256=MBG9fSBrcKcw7950DhsGpS_96UVL2F2dsfiaxXxVvPg,16572
+dissect/util/compression/lznt1.py,sha256=xOmlEwOk9D63CwWcly3JLPQuvrsJYgg4I2qk2Lupf64,2775
+dissect/util/compression/lzo.py,sha256=a6JRP-5c94MBglbbOv98z--n69JRyR5itZzd-nmAK2A,3865
+dissect/util/compression/lzvn.py,sha256=jKcjofse-elDPji8Bh21tdEJEHTYlDfO0q0tXsy2axk,8208
+dissect/util/compression/lzxpress.py,sha256=Uf5yZGCq9dpm07_x-Ak8PNtSJQyZ8-Y5Oi6ZCJ8cZg4,2564
+dissect/util/compression/lzxpress_huffman.py,sha256=3sFzO7zttpj0aXAdIb5uay3iVpRFI5AN9nnAIbl_crM,4867
+dissect/util/compression/sevenbit.py,sha256=JB1cHOQJl6iZAU7xEKQyECKh2Fugtqg293bYDCy7b-I,1587
+dissect/util/compression/xz.py,sha256=dPz_bGejRdXs6tI6qPS9wUSytCrVloC-7V8dC48IAjA,3891
+dissect/util/encoding/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/util/encoding/surrogateescape.py,sha256=ycL9JF_XW6zBYU6T48WRvdgJxCWEltO2suRd2b4nq6g,513
+dissect/util/hash/__init__.py,sha256=4ECmH1rT25Kjw0Bd8CcE3NdxKR9qQNVi-XyEliZXy6M,767
+dissect/util/hash/crc32.py,sha256=5o_7Xbzh3MN17Aj51jZfRW1f30YLsBKGJSEPQcIVJ_Q,2035
+dissect/util/hash/crc32c.py,sha256=vtdb5dP9DKcPp__64e74ns6bbV2gPhPtR9s0frxcamg,3978
+dissect/util/hash/jenkins.py,sha256=JWmFzOAy7TL0DiFTi8FYdQsNrLEmqDlE2fCFXavioPs,3629
+dissect/util/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/util/tools/dump_nskeyedarchiver.py,sha256=D-fyHtRznOaxAXXHfX1zQV6O9cv1-4adenkZ11yFZmg,1515
+dissect_util-3.23.dev12.dist-info/licenses/COPYRIGHT,sha256=S_KncaHsPtWbl45lU6Af9AXZKYkbGqYksHkTMwutG8o,318
+dissect_util-3.23.dev12.dist-info/licenses/LICENSE,sha256=p-DRQtYicr7hWv7iyiM44c2B6-b3BMu8N5H5s0h82ts,11542
+dissect_util-3.23.dev12.dist-info/METADATA,sha256=ewOw6Z7UFG9ugkI5HIt2cp_5XvIetfJoHS2hhVm0yow,3704
+dissect_util-3.23.dev12.dist-info/WHEEL,sha256=mDTLi-lcRey7JEenATTEcfpRSN3DewF3dJqTvlZbDhU,108
+dissect_util-3.23.dev12.dist-info/entry_points.txt,sha256=3mwSDD1MUdj0nnTcl2qYFMeu6KYMTycUQS0rlp5CQHI,86
+dissect_util-3.23.dev12.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect_util-3.23.dev12.dist-info/RECORD,,

dissect_util-3.23.dev12.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: false
+Tag: pp311-pypy311_pp73-win_amd64
+

dissect_util-3.23.dev12.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+dump-nskeyedarchiver = dissect.util.tools.dump_nskeyedarchiver:main

dissect_util-3.23.dev12.dist-info/licenses/COPYRIGHT

@@ -0,0 +1,5 @@
+Dissect is released as open source by Fox-IT (https://www.fox-it.com) part of NCC Group Plc (https://www.nccgroup.com)
+
+Developed by the Dissect Team (dissect@fox-it.com) and made available at https://github.com/fox-it/dissect.util
+
+License terms: Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0)