Add debug_details and load_config_timestamp to PE module. #1976
Commits on Sep 28, 2023
-
Add debug_infos array to pe module.
Fun fact: debug information is actually an array of structures. Historically, YARA has stopped parsing after finding the first entry with a PDB path (with some other restrictions around the type of debug entry this is). However, each entry can have different information (including pdb paths), so let's add an array of debug_infos structures which contain timestamp, type and pdb path. Just in testing I discovered legit binaries that have different PDB paths in them, which is actually kind of interesting.
Commits on Sep 29, 2023
-
Implement load config parsing.
Specifically, I'm only parsing out the timestamp field of the structure. While here, rename the newly created "debug_infos" array to "debug_details".
-
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.