[Forensics-changes] [yara] 392/407: Merge pull request #233 from wxsBSD/section_characteristics

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit d0cabe7cae742256983ff74d3f8f5b6e47ec126a
Merge: 73f1447 9a282e6
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Mon Feb 9 10:06:27 2015 +0100

    Merge pull request #233 from wxsBSD/section_characteristics
    
    Section characteristics and section_index_addr

 libyara/include/yara/pe.h | 15 ++++++++
 libyara/modules/pe.c      | 93 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 106 insertions(+), 2 deletions(-)

diff --cc libyara/include/yara/pe.h
index 0b6d1b6,82a7251..c6f43e6
--- a/libyara/include/yara/pe.h
+++ b/libyara/include/yara/pe.h
@@@ -125,29 -114,24 +125,44 @@@ typedef struct _IMAGE_FILE_HEADER 
  #define IMAGE_FILE_BYTES_REVERSED_HI         0x8000  // Bytes of machine word are reversed.
  
  
 -#define IMAGE_FILE_MACHINE_I386              0x014c  // Intel 386.
 -#define IMAGE_FILE_MACHINE_AMD64             0x8664  // Intel x64.
 +#define IMAGE_FILE_MACHINE_UNKNOWN           0x0000
 +#define IMAGE_FILE_MACHINE_AM33              0x01d3
 +#define IMAGE_FILE_MACHINE_AMD64             0x8664
 +#define IMAGE_FILE_MACHINE_ARM               0x01c0
 +#define IMAGE_FILE_MACHINE_ARMNT             0x01c4
 +#define IMAGE_FILE_MACHINE_ARM64             0xaa64
 +#define IMAGE_FILE_MACHINE_EBC               0x0ebc
 +#define IMAGE_FILE_MACHINE_I386              0x014c
 +#define IMAGE_FILE_MACHINE_IA64              0x0200
 +#define IMAGE_FILE_MACHINE_M32R              0x9041
 +#define IMAGE_FILE_MACHINE_MIPS16            0x0266
 +#define IMAGE_FILE_MACHINE_MIPSFPU           0x0366
 +#define IMAGE_FILE_MACHINE_MIPSFPU16         0x0466
 +#define IMAGE_FILE_MACHINE_POWERPC           0x01f0
 +#define IMAGE_FILE_MACHINE_POWERPCFP         0x01f1
 +#define IMAGE_FILE_MACHINE_R4000             0x0166
 +#define IMAGE_FILE_MACHINE_SH3               0x01a2
 +#define IMAGE_FILE_MACHINE_SH3DSP            0x01a3
 +#define IMAGE_FILE_MACHINE_SH4               0x01a6
 +#define IMAGE_FILE_MACHINE_SH5               0x01a8
 +#define IMAGE_FILE_MACHINE_THUMB             0x01c2
 +#define IMAGE_FILE_MACHINE_WCEMIPSV2         0x0169
  
+ // Section characteristics
+ #define SECTION_CNT_CODE                     0x00000020
+ #define SECTION_CNT_INITIALIZED_DATA         0x00000040
+ #define SECTION_CNT_UNINITIALIZED_DATA       0x00000080
+ #define SECTION_GPREL                        0x00008000
+ #define SECTION_MEM_16BIT                    0x00020000
+ #define SECTION_LNK_NRELOC_OVFL              0x01000000
+ #define SECTION_MEM_DISCARDABLE              0x02000000
+ #define SECTION_MEM_NOT_CACHED               0x04000000
+ #define SECTION_MEM_NOT_PAGED                0x08000000
+ #define SECTION_MEM_SHARED                   0x10000000
+ #define SECTION_MEM_EXECUTE                  0x20000000
+ #define SECTION_MEM_READ                     0x40000000
+ #define SECTION_MEM_WRITE                    0x80000000
+ 
  //
  // Directory format.
  //

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git