base/files/pe/main.bro

PE
Namespace:PE
Imports:base/files/pe/consts.bro
Source File:/scripts/base/files/pe/main.bro

Summary

Types

PE::Info: record  

Redefinitions

Log::ID: enum  
fa_file: record &redef  

Events

PE::log_pe: event Event for accessing logged records.

Hooks

PE::set_file: hook A hook that gets called when we first see a PE file.

Detailed Interface

Types

PE::Info
Type:

record

ts: time &log

Current timestamp.

id: string &log

File id of this portable executable file.

machine: string &log &optional

The target machine that the file was compiled for.

compile_ts: time &log &optional

The time that the file was created at.

os: string &log &optional

The required operating system.

subsystem: string &log &optional

The subsystem that is required to run this file.

is_exe: bool &log &default = T &optional

Is the file an executable, or just an object file?

is_64bit: bool &log &default = T &optional

Is the file a 64-bit executable?

uses_aslr: bool &log &default = F &optional

Does the file support Address Space Layout Randomization?

uses_dep: bool &log &default = F &optional

Does the file support Data Execution Prevention?

uses_code_integrity: bool &log &default = F &optional

Does the file enforce code integrity checks?

uses_seh: bool &log &default = T &optional

Does the file use structured exception handing?

has_import_table: bool &log &optional

Does the file have an import table?

has_export_table: bool &log &optional

Does the file have an export table?

has_cert_table: bool &log &optional

Does the file have an attribute certificate table?

has_debug_data: bool &log &optional

Does the file have a debug table?

section_names: vector of string &log &optional

The names of the sections, in order.

Events

PE::log_pe
Type:event (rec: PE::Info)

Event for accessing logged records.

Hooks

PE::set_file
Type:hook (f: fa_file) : bool

A hook that gets called when we first see a PE file.


Previous Page

base/files/pe/consts.bro

Copyright 2016, The Bro Project. Last updated on December 19, 2018. Created using Sphinx 1.8.2.