VirusTotal / yara-python

The Python interface for YARA
http://virustotal.github.io/yara/
Apache License 2.0

No "imports" details on PE data callback #154

Open ariefprabowo opened 4 years ago

ariefprabowo commented 4 years ago

Thank you for this awesome project!

I have some questions:

  1. When I am using the pe module and parsing the data returned by YARA's callback function, I can't find any entry related to the import details. Is there any reason why it's not included in the returned data? In that data, I can find export_details (func name, offset, ordinal, etc.) but no import_details or similar entry, only number_of_imports is available?

  2. Also, is it possible to include the imphash value on that data too?

Thank you!

wxsBSD commented 4 years ago

The imports stuff is not directly exposed; it is only available via functions, which are not exposed to callback data (for good reasons). This is also true for imphash - it too is a function.