GLOBAL
Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_PE.events.bif.bro |

pe_dos_code: event | A PE file DOS stub was parsed. |
pe_dos_header: event | A PE file DOS header was parsed. |
pe_file_header: event | A PE file file header was parsed. |
pe_optional_header: event | A PE file optional header was parsed. |
pe_section_header: event | A PE file section header was parsed. |

pe_dos_code
Type: | event (f: fa_file, code: string) |
---|
A PE file DOS stub was parsed. The stub is a valid application that runs under MS-DOS, by default to inform the user that the program can’t be run in DOS mode.
F: | The file. |
---|---|
Code: | The DOS stub |
See also: pe_dos_header, pe_file_header, pe_optional_header, pe_section_header

pe_dos_header
Type: | event (f: fa_file, h: PE::DOSHeader) |
---|
A PE file DOS header was parsed. This is the top-level header and contains information like the size of the file, initial value of registers, etc.
F: | The file. |
---|---|
H: | The parsed DOS header information. |
See also: pe_dos_code, pe_file_header, pe_optional_header, pe_section_header

pe_file_header
Type: | event (f: fa_file, h: PE::FileHeader) |
---|
A PE file file header was parsed. This header contains information like the target machine, the timestamp when the file was created, the number of sections, and pointers to other parts of the file.
F: | The file. |
---|---|
H: | The parsed file header information. |
See also: pe_dos_header, pe_dos_code, pe_optional_header, pe_section_header

pe_optional_header
Type: | event (f: fa_file, h: PE::OptionalHeader) |
---|
A PE file optional header was parsed. This header is required for executable files, but not for object files. It contains information like OS requirements to execute the file, the original entry point address, and information needed to load the file into memory.
F: | The file. |
---|---|
H: | The parsed optional header information. |
See also: pe_dos_header, pe_dos_code, pe_file_header, pe_section_header

pe_section_header
Type: | event (f: fa_file, h: PE::SectionHeader) |
---|
A PE file section header was parsed. This header contains information like the section name, size, address, and characteristics.
F: | The file. |
---|---|
H: | The parsed section header information. |
See also: pe_dos_header, pe_dos_code, pe_file_header, pe_optional_header
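
A detection script built on pe_section_header and pe_file_header, as an added example that is not part of the Bro distribution or of this reference page. The module name and notice types are hypothetical; the record fields `h$name`, `h$characteristics` and `h$ts` belong to the `PE::SectionHeader` and `PE::FileHeader` types, which this page references but does not list, and `characteristics` is assumed to be a set holding one element per flag bit that is set.

```bro
# Added example: raise notices from PE header events seen in transferred files.
@load base/frameworks/notice
@load base/files/pe

module PEHeaderCheck;

export {
	redef enum Notice::Type += {
		## A section is mapped both writable and executable.
		Writable_Executable_Section,
		## The file header timestamp lies after the time of transfer.
		Future_Compile_Timestamp
	};
}

# Section flag bits as defined in the PE/COFF specification.
const IMAGE_SCN_MEM_EXECUTE = 0x20000000;
const IMAGE_SCN_MEM_WRITE   = 0x80000000;

# Fires once per section, so a file with several such sections
# produces one notice for each of them.
event pe_section_header(f: fa_file, h: PE::SectionHeader)
	{
	# Assumption: h$characteristics is a set[count] with one entry per flag bit.
	if ( IMAGE_SCN_MEM_EXECUTE in h$characteristics &&
	     IMAGE_SCN_MEM_WRITE in h$characteristics )
		NOTICE([$note=Writable_Executable_Section,
		        $msg=fmt("PE section '%s' is writable and executable", h$name),
		        $f=f]);
	}

event pe_file_header(f: fa_file, h: PE::FileHeader)
	{
	# Assumption: h$ts is the header's creation timestamp as a time value.
	# One day of slack absorbs clock skew between build host and sensor.
	if ( h$ts > network_time() + 1 day )
		NOTICE([$note=Future_Compile_Timestamp,
		        $msg=fmt("PE header timestamp %s is in the future", h$ts),
		        $f=f]);
	}
```

Both conditions also occur in legitimate packed or unusually built binaries, so treat the notices as triage input rather than a verdict.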