No "imports" details on PE data callback #154

Open
ariefprabowo opened this issue Aug 12, 2020 · 1 comment

@ariefprabowo

Thank you for this awesome project!

I have some questions:

  1. When I'm using the pe module and parsing the data returned by Yara's callback function, I can't find any entry related to the import details. Is there any reason why it's not included in the returned data? In that data, I can find export_details (func name, offset, ordinal, etc.) but no import_details or similar entry; only number_of_imports is available?

  2. Also, is it possible to include the imphash value on that data too?

Thank you!

@wxsBSD
Contributor

wxsBSD commented Aug 12, 2020

The imports stuff is not directly exposed; it is only available via functions, which are not exposed to callback data (for good reasons). This is also true for imphash - it too is a function.
