Open ikiril01 opened 10 years ago
ikiril01
commented
9 years ago This would likely entail creating a new "PECharacteristicsType", that contains a "Characteristic" element with a multiplicity of 1-N, for capturing the individual characteristics.
athiasjerome
commented
9 years ago +1 but I would recommend while defining the various Characteristics (that would take time as too hard to be exhaustive) to keep but rename Characteristics in something like OtherCharacteristics or Additional Characteristics as a "garbage collector"
ikiril01
commented
9 years ago @athiasjerome not sure exactly what you mean - are you referring to adding a separate "Other_Characteristics" field for capturing non-standard characteristics?
In the PEFileHeaderType of the Windows Executable File Object, we use a single element for capturing the Characteristics. These can be reported as separate entries (e.g. IMAGE_FILE_DLL), so we should consider allowing for the characterization of these broken out entries instead of forcing them to be glommed together in a single field.