ikiril01
commented
9 years ago Context: this is useful primarily for malware-related use cases, for more accurately characterizing the properties of a PE binary (i.e. in MAEC).
LOE: Low
Open ikiril01 opened 10 years ago
ikiril01
commented
9 years ago Context: this is useful primarily for malware-related use cases, for more accurately characterizing the properties of a PE binary (i.e. in MAEC).
LOE: Low
It may be worthwhile to considering modifying our representation of PE Optional Header data directories in the Windows Executable File Object. At the moment, we have separate elements under the DataDirectoryType for each type of data directory, e.g. Export Table, Import Table, etc. It might be cleaner to just remove these elements and merge the DataDirectoryType with the PESectionHeaderStructType, to which we could add a "name" or "type" field for capturing the type of the data directory (i.e. what it refers to). This will also be more flexible for allowing specification of new data directory types in case they are added to the PE specification in the future.