base/files/pe/main.zeek
- PE
- Namespace: PE
- Imports
Summary
Types
Redefinitions
Events
- PE::log_pe: Event for accessing logged records.
Hooks
- PE::set_file: A hook that gets called when we first see a PE file.
Detailed Interface
Types
- PE::Info
- Type
  - ts: time &log
    Current timestamp.
  - id: string &log
    File id of this portable executable file.
  - machine: string &log &optional
    The target machine that the file was compiled for.
  - compile_ts: time &log &optional
    The time that the file was created at.
  - os: string &log &optional
    The required operating system.
  - subsystem: string &log &optional
    The subsystem that is required to run this file.
  - is_exe: bool &log &default = T &optional
    Is the file an executable, or just an object file?
  - is_64bit: bool &log &default = T &optional
    Is the file a 64-bit executable?
  - uses_aslr: bool &log &default = F &optional
    Does the file support Address Space Layout Randomization?
  - uses_dep: bool &log &default = F &optional
    Does the file support Data Execution Prevention?
  - uses_code_integrity: bool &log &default = F &optional
    Does the file enforce code integrity checks?
  - uses_seh: bool &log &default = T &optional
    Does the file use structured exception handling?
  - has_import_table: bool &log &optional
    Does the file have an import table?
  - has_export_table: bool &log &optional
    Does the file have an export table?
  - has_cert_table: bool &log &optional
    Does the file have an attribute certificate table?
  - has_debug_data: bool &log &optional
    Does the file have a debug table?
  - section_names: vector of string &log &optional
    The names of the sections, in order.
Events
- PE::log_pe
  Event for accessing logged records.
Hooks
- PE::set_file
  A hook that gets called when we first see a PE file.
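
The following is an added example, not part of the Zeek distribution or its documentation: a handler for PE::log_pe that reads the PE::Info fields listed above and raises a notice for executables that do not report ASLR or DEP support. The module name PEAudit and the notice type Missing_Mitigations are hypothetical names chosen for this example.

```zeek
@load base/files/pe
@load base/frameworks/notice

module PEAudit;

export {
	redef enum Notice::Type += {
		## Hypothetical notice type defined for this example.
		Missing_Mitigations
	};
}

event PE::log_pe(rec: PE::Info)
	{
	# Object files are not directly runnable, so skip them.
	if ( ! rec$is_exe )
		return;

	local gaps: vector of string = vector();

	# uses_aslr and uses_dep carry &default, so they can be read directly.
	if ( ! rec$uses_aslr )
		gaps[|gaps|] = "ASLR";
	if ( ! rec$uses_dep )
		gaps[|gaps|] = "DEP";

	# has_cert_table is &optional with no default: test presence first.
	if ( rec?$has_cert_table && ! rec$has_cert_table )
		gaps[|gaps|] = "attribute certificate table";

	if ( |gaps| == 0 )
		return;

	# machine is &optional as well, so fall back to a constructed label.
	local machine = "unknown machine";
	if ( rec?$machine )
		machine = rec$machine;

	NOTICE([$note=Missing_Mitigations,
	        $msg=fmt("PE file %s lacks: %s", rec$id,
	                 join_string_vec(gaps, ", ")),
	        $sub=machine,
	        $fuid=rec$id]);
	}
```

Because uses_aslr and uses_dep default to F, a record for which the header values were never filled in is reported the same way as one that explicitly lacks them.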