Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix major_subsys_version field in pe_optional_header event

Browse source 
It was incorrectly set the same as the `minor_subsys_version` field
of the `PE::OptionalHeader` record.
This commit is contained in:
Jon Siwek 2021-02-11 21:14:34 -08:00
parent 021a31b29a
commit 69d73f7c83
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -146,7 +146,7 @@ refine flow File += {
oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor})); oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version})); oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version})); oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
oh->Assign(16, zeek::val_mgr->Count(${h.minor_subsys_version})); oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version}));
oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version})); oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image})); oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers})); oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));