PE analyzer #2448

Merged
merged 4 commits into from
Feb 1, 2020

jeremylong
Owner

Updated PR #2446

The PR from @pscamodio has been updated to improve the analysis even more. Instead of just pulling the file version from the PE headers we can collect similar data as the Assembly Analyzer.

Todo

There is a lot of similarity between the AssemblyAnalyzer and the new PEAnalyzer. Some of this functionality should be refactored into an abstract parent class - or just fold the two analyzers into a single analyzer. If the grok assembly fails to load it, maybe then just load it using pecoff4j.

Have test cases been added to cover the new functionality?

Yes - test cases have been added but could likely be improved.

amodiopescefaro and others added 4 commits January 24, 2020 08:16
DLLs and EXEs on Windows that are not .NET assemblies are only analyzed by the filename.
This is often not good enough because the filename can contain other numbers (x86, x64, ...) other than the version.
To improve the situation I've reduced the confidence of the filename-parsed version and created a new analyzer.
The FileVersionAnalyzer uses the pecoff4j library to extract, if possible, the version from the file metadata.
…ieving more than just the version number from the PE Headers
@boring-cyborg boring-cyborg bot added cli changes to the cli core changes to core tests test cases utils changes to utils labels Jan 25, 2020
@jeremylong jeremylong added this to the 5.3.1 milestone Feb 1, 2020
@jeremylong jeremylong merged commit 63c5489 into master Feb 1, 2020
jeremylong added a commit that referenced this pull request Feb 3, 2020
@jeremylong jeremylong deleted the PEAnalyzer branch February 18, 2020 12:37
@lock lock bot locked and limited conversation to collaborators Apr 2, 2020