Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Make base_of_data optional.

Browse source
This commit is contained in:
Vlad Grigorescu 2015-04-16 19:44:39 -05:00
parent 0b5103b41b
commit 4753e4a3c2
2 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/init-bare.bro
View file

@ -2586,7 +2586,7 @@ type PE::OptionalHeader: record {
size_of_uninit_data : count; size_of_uninit_data : count;
addr_of_entry_point : count; addr_of_entry_point : count;
base_of_code : count; base_of_code : count;
base_of_data : count; base_of_data : count &optional;
image_base : count; image_base : count;
section_alignment : count; section_alignment : count;
file_alignment : count; file_alignment : count;

5
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -114,7 +114,10 @@ refine flow File += {
oh->Assign(5, new Val(${h.size_of_uninit_data}, TYPE_COUNT)); oh->Assign(5, new Val(${h.size_of_uninit_data}, TYPE_COUNT));
oh->Assign(6, new Val(${h.addr_of_entry_point}, TYPE_COUNT)); oh->Assign(6, new Val(${h.addr_of_entry_point}, TYPE_COUNT));
oh->Assign(7, new Val(${h.base_of_code}, TYPE_COUNT)); oh->Assign(7, new Val(${h.base_of_code}, TYPE_COUNT));
oh->Assign(8, new Val(${h.base_of_data}, TYPE_COUNT));
if ( ${h.pe_format} != PE32_PLUS )
oh->Assign(8, new Val(${h.base_of_data}, TYPE_COUNT));
oh->Assign(9, new Val(${h.image_base}, TYPE_COUNT)); oh->Assign(9, new Val(${h.image_base}, TYPE_COUNT));
oh->Assign(10, new Val(${h.section_alignment}, TYPE_COUNT)); oh->Assign(10, new Val(${h.section_alignment}, TYPE_COUNT));
oh->Assign(11, new Val(${h.file_alignment}, TYPE_COUNT)); oh->Assign(11, new Val(${h.file_alignment}, TYPE_COUNT));