# This file was automatically generated by bifcl from /Users/jon/tmp/bro-2.5.5/src/file_analysis/analyzer/pe/events.bif (plugin mode).

## A :abbr:`PE (Portable Executable)` file DOS header was parsed.
## This is the top-level header and contains information like the
## size of the file, initial value of registers, etc.
##
## f: The file.
##
## h: The parsed DOS header information.
##
## .. bro:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header
export {
global pe_dos_header: event(f: fa_file , h: PE::DOSHeader );


## A :abbr:`PE (Portable Executable)` file DOS stub was parsed.
## The stub is a valid application that runs under MS-DOS, by default
## to inform the user that the program can't be run in DOS mode.
##
## f: The file.
##
## code: The DOS stub
##
## .. bro:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header
global pe_dos_code: event(f: fa_file , code: string );


## A :abbr:`PE (Portable Executable)` file file header was parsed.
## This header contains information like the target machine,
## the timestamp when the file was created, the number of sections, and
## pointers to other parts of the file.
##
## f: The file.
##
## h: The parsed file header information.
##
## .. bro:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header
global pe_file_header: event(f: fa_file , h: PE::FileHeader );


## A :abbr:`PE (Portable Executable)` file optional header was parsed.
## This header is required for executable files, but not for object files.
## It contains information like OS requirements to execute the file, the
## original entry point address, and information needed to load the file
## into memory.
##
## f: The file.
##
## h: The parsed optional header information.
##
## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header
global pe_optional_header: event(f: fa_file , h: PE::OptionalHeader );


## A :abbr:`PE (Portable Executable)` file section header was parsed.
## This header contains information like the section name, size, address,
## and characteristics.
##
## f: The file.
##
## h: The parsed section header information.
##
## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header
global pe_section_header: event(f: fa_file , h: PE::SectionHeader );

} # end of export section
module GLOBAL;