PE analyzer#2448

Merged
jeremylong merged 4 commits into master from PEAnalyzer on Feb 1, 2020
Conversation

@jeremylong
Collaborator

Updated PR #2446

The PR from @pscamodio has been updated to improve the analysis even more. Instead of just pulling the file version from the PE headers we can collect similar data as the Assembly Analyzer.

Todo

There is a lot of similarity between the AssemblyAnalyzer and the new PEAnalyzer. Some of this functionality should be refactored into an abstract parent class - or just fold the two analyzers into a single analyzer. If the grok assembly fails to load it, maybe then just load it using pecoff4j.

Have test cases been added to cover the new functionality?

Yes - test cases have been added but could likely be improved.

amodiopescefaro and others added 4 commits January 24, 2020 08:16
DLLs and EXEs on Windows that are not .NET assemblies are only analyzed by the filename.
This is often not good enough because the filename can contain other numbers (x86, x64, ...) besides the version.
To improve the situation I've reduced the confidence of the version parsed from the filename and created a new analyzer.
The FileVersionAnalyzer uses the pecoff4j library to extract, if possible, the version from the file metadata.
…ieving more than just the version number from the PE Headers
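The two points made above (the PR description's "collect similar data from the PE headers" and the commit message's "filename numbers like x86/x64 are weak evidence, so lower their confidence") can be shown in one place. The following is an added example, not code from dependency-check or from pecoff4j: it reads the COFF header and the version fields of the optional header directly with `struct`, using the field offsets from the PE/COFF specification, and ranks that against a deliberately loose filename heuristic. The `collect_evidence`/`best_version` helpers and the HIGH/LOW labels are my own assumption about how such evidence might be ranked, not the project's `Confidence` handling. Note that the product/file version strings a user sees in Explorer live in the `VS_VERSIONINFO` resource, which this example does not parse; the image, OS and subsystem versions it reads come straight from the optional header, and the sample PE bytes are constructed in `build_sample_pe`.

```python
"""Added example (not dependency-check or pecoff4j code): read version-related
fields straight from a PE file's headers and weigh them against the much
weaker evidence a filename gives.  Offsets follow the PE/COFF specification."""
import re
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF spec
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARM", 0xAA64: "ARM64"}

# Any run of dotted digits; deliberately loose, like a filename heuristic,
# so it happily matches the "64" in "x64".
FILENAME_VERSION = re.compile(r"(\d+(?:\.\d+)*)")


def parse_pe_header(data: bytes) -> dict:
    """Return machine type and the version fields of the optional header.

    Raises ValueError on anything that is not a well-formed PE image, so a
    caller can fall back to weaker evidence instead of trusting garbage."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    # Need the optional header at least through MinorSubsystemVersion (bytes 50..52).
    if opt_size < 52 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # These six fields sit at the same offsets in PE32 and PE32+.
    maj_os, min_os, maj_img, min_img, maj_sub, min_sub = struct.unpack_from(
        "<6H", data, opt + 40)
    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
        "is_dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
        "pe32plus": magic == 0x20B,
        "os_version": f"{maj_os}.{min_os}",
        "image_version": f"{maj_img}.{min_img}",
        "subsystem_version": f"{maj_sub}.{min_sub}",
    }


def version_from_filename(filename: str):
    """Weak heuristic: first dotted number in the name, or None."""
    m = FILENAME_VERSION.search(filename)
    return m.group(1) if m else None


def collect_evidence(filename: str, data: bytes) -> list:
    """Gather (source, field, value, confidence) tuples; header evidence is HIGH,
    filename evidence LOW (assumed ranking, not the project's)."""
    evidence = []
    try:
        hdr = parse_pe_header(data)
    except ValueError:
        hdr = None  # not a PE image: only the filename is left to go on
    if hdr is not None:
        evidence.append(("pe-header", "machine", hdr["machine"], "HIGH"))
        evidence.append(("pe-header", "image_version", hdr["image_version"], "HIGH"))
    fname_version = version_from_filename(filename)
    if fname_version is not None:
        evidence.append(("filename", "version", fname_version, "LOW"))
    return evidence


def best_version(evidence: list):
    """Pick the version value carrying the highest confidence, or None."""
    rank = {"HIGH": 2, "MEDIUM": 1, "LOW": 0}
    candidates = [e for e in evidence if e[1] in ("image_version", "version")]
    if not candidates:
        return None
    return max(candidates, key=lambda e: rank[e[3]])[2]


def build_sample_pe(machine: int, maj_img: int, min_img: int, pe32plus: bool = False) -> bytes:
    """Constructed, minimal PE image: headers only, no sections or resources."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> right after DOS header
    opt = bytearray(96)                                # real headers are 224/240 bytes
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<6H", opt, 40, 6, 0, maj_img, min_img, 6, 0)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x2002)  # DLL | EXECUTABLE_IMAGE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # The name says "x64", but only the header knows the real machine type and version.
    sample = build_sample_pe(0x8664, 2, 5, pe32plus=True)
    evidence = collect_evidence("libfoo-x64.dll", sample)
    for item in evidence:
        print(item)
    print("best version:", best_version(evidence))
```

Run as-is, the filename heuristic reports "64" with LOW confidence while the header reports image version "2.5" with HIGH confidence, so `best_version` returns "2.5"; feed it bytes that are not a PE image and the parser raises, the header evidence is dropped, and the LOW filename guess is all that remains. That fallback ordering is the behaviour the commit message describes.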
@boring-cyborg boring-cyborg Bot added labels cli (changes to the cli), core (changes to core), tests (test cases), utils (changes to utils) Jan 25, 2020
@jeremylong jeremylong added this to the 5.3.1 milestone Feb 1, 2020
@jeremylong jeremylong merged commit 63c5489 into master Feb 1, 2020
jeremylong added a commit that referenced this pull request Feb 3, 2020
@jeremylong jeremylong deleted the PEAnalyzer branch February 18, 2020 12:37
@lock lock Bot locked and limited conversation to collaborators Apr 2, 2020

3 participants