HolmesProcessing / Holmes-Totem

Investigation Planner for fast running analysis with predictable execution time. For example, static analysis.
Apache License 2.0

PEMeta Service: PEV based PE extractor #165

Closed boddumanohar closed 7 years ago

boddumanohar commented 7 years ago

solves #152

webstergd commented 7 years ago

@boddumanohar is making a pull request to the PEV guys. Will see what they say and then proceed with the pull based on how pev wants to handle the additions. Hopefully pev wants to join in the fun.

boddumanohar commented 7 years ago

With the last 2 commits, PEMETA now supports "resources" and "imphash".

I've been working with the PEV guys and they just confirmed that interfaces are okay. And I started fixing bugs on memory leaks and other optimization stuff. So from now on, mostly no changes will be made to names that we are using in our PEMETA.

webstergd commented 7 years ago

I just checked your work at libpe. Awesome job. Please let me know when that is done and we will merge this in. This should be a major improvement.

webstergd commented 7 years ago

close #152

boddumanohar commented 7 years ago

This version of PEMETA uses the original LIBPE as a dependency. I also updated the README, which shows updated performance metrics.

According to the table, PEMETA is slower than PEINFO v2. This is because ccsetup514.exe took more time to extract resources.

PEMETA is ready for testing.