Fix version parsing issue in offsets extractor

Now finding version information in the nested json file to prevent some
crashes and potentially retrieving more ntoskrnl.exe files

Offsets/ExtractOffsets.py

@@ -17,6 +17,14 @@ machineType = dict(x86=332, x64=34404)
 knownImageVersions = dict(ntoskrnl=list(), wdigest=list())
 extensions_by_mode = dict(ntoskrnl="exe", wdigest="dll")
 
+def find(key, value):
+    for k, v in value.items():
+        if k == key:
+            return v
+        elif isinstance(v, dict):
+            return find(key, v)
+    return None
+
 def printl(s, lock, **kwargs):
     with lock:
         print(s, **kwargs)
@@ -47,9 +55,14 @@ def downloadSpecificFile(entry, pe_basename, pe_ext, knownPEVersions, output_fol
     virtual_size = entry['fileInfo']['virtualSize']
     file_id = hex(timestamp).replace('0x','').zfill(8).upper() + hex(virtual_size).replace('0x','')
     url = 'https://msdl.microsoft.com/download/symbols/' + pe_name + '/' + file_id + '/' + pe_name
-    if "version" not in entry['fileInfo']:
-        return "SKIP"
+    try:
         version = entry['fileInfo']['version'].split(' ')[0]
+    except:
+        version = find('version', entry).split(' ')[0]
+
+    if not version:
+        printl(f'[*] Error parsing version', lock)
+        return "SKIP"
 
     # Output file format: <PE>_build-revision.<exe | dll>
     output_version = '-'.join(version.split('.')[-2:])