base/files/pe/main.zeek
- PE
- Namespace
PE
- Imports
Summary
Types
Redefinitions
Events
Event for accessing logged records. |
Hooks
A hook that gets called when we first see a PE file. |
Detailed Interface
Types
- PE::Info
- Type
-
- ts:
time&log Current timestamp.
- id:
string&log File id of this portable executable file.
- machine:
string&log&optional The target machine that the file was compiled for.
- compile_ts:
time&log&optional The time that the file was created at.
- os:
string&log&optional The required operating system.
- subsystem:
string&log&optional The subsystem that is required to run this file.
- is_exe:
bool&log&default=T&optional Is the file an executable, or just an object file?
- is_64bit:
bool&log&default=T&optional Is the file a 64-bit executable?
- uses_aslr:
bool&log&default=F&optional Does the file support Address Space Layout Randomization?
- uses_dep:
bool&log&default=F&optional Does the file support Data Execution Prevention?
- uses_code_integrity:
bool&log&default=F&optional Does the file enforce code integrity checks?
- uses_seh:
bool&log&default=T&optional Does the file use structured exception handing?
- has_import_table:
bool&log&optional Does the file have an import table?
- has_export_table:
bool&log&optional Does the file have an export table?
- has_cert_table:
bool&log&optional Does the file have an attribute certificate table?
- has_debug_data:
bool&log&optional Does the file have a debug table?
- section_names:
vectorofstring&log&optional The names of the sections, in order.
- ts:
Events
- PE::log_pe
-
Event for accessing logged records.
Hooks
- PE::set_file
-
A hook that gets called when we first see a PE file.