Subject: Minimum set of PE Header Fields?
Does anyone have any thoughts on the minimum set of PE Header fields (and other fields) we should include for the PE Binary File Extension? This is one of the last outstanding File Extensions that we need to define, and I’d rather avoid having to include all of the fields from the old Windows Executable File Object [1] if possible. The old Object tried to model an entire PE Binary (similar to how the old PDF File Object modeled an entire PDF File), and based on our new thinking there’s likely to be a subset of useful fields that can be exchanged; for additional data, it’s more useful to exchange the entire binary (i.e., using the Artifact Object).

For reference, here’s the overall structure of the old Object:

· Build Information
· Exports
· Headers
    o DOS_Header
    o Signature
    o File Header
    o Optional Header
    o Hashes
· Imports
· PE_Checksum
· Resources
· Sections
· Type

[1] http://cybox.mitre.org/language/version2.1/xsddocs/objects/Win_Executable_File_Object.html

Regards,
Ivan