/ 
STIX-1.01
/ STIX::Observable::Type::WindowsPEOptionalHeader

NAME

STIX::Observable::Type::WindowsPEOptionalHeader - STIX Cyber-observable Object (SCO) - windows PE Optional Header Type

SYNOPSIS

use STIX::Observable::Type::WindowsPEOptionalHeader;

my $windows_pe_optional_header_type = STIX::Observable::Type::WindowsPEOptionalHeader->new();

DESCRIPTION

The Windows PE Optional Header type represents the properties of the PE optional header.

METHODS

STIX::Observable::Type::WindowsPEOptionalHeader inherits all methods from STIX::Common::Properties and implements the following new ones.

STIX::Observable::Type::WindowsPEOptionalHeader->new(%properties)

Create a new instance of STIX::Observable::Type::WindowsPEOptionalHeader.

$windows_pe_optional_header_type->address_of_entry_point

Specifies the address of the entry point relative to the image base when the executable is loaded into memory.

$windows_pe_optional_header_type->base_of_code

Specifies the address that is relative to the image base of the beginning-of-code section when it is loaded into memory.

$windows_pe_optional_header_type->base_of_data

Specifies the address that is relative to the image base of the beginning-of-data section when it is loaded into memory.

$windows_pe_optional_header_type->checksum_hex

Specifies the checksum of the PE binary.

$windows_pe_optional_header_type->dll_characteristics_hex

Specifies the flags that characterize the PE binary.

$windows_pe_optional_header_type->file_alignment

Specifies the factor (in bytes) that is used to align the raw data of sections in the image file.

$windows_pe_optional_header_type->hashes

Specifies any hashes that were computed for the optional header (see STIX::Common::Hashes).

$windows_pe_optional_header_type->image_base

Specifies the preferred address of the first byte of the image when loaded into memory.

$windows_pe_optional_header_type->loader_flags_hex

Specifies the reserved loader flags.

$windows_pe_optional_header_type->magic_hex

Specifies the unsigned integer that indicates the type of the PE binary.

$windows_pe_optional_header_type->major_image_version

Specifies the major version number of the image.

$windows_pe_optional_header_type->major_linker_version

Specifies the linker major version number.

$windows_pe_optional_header_type->major_os_version

Specifies the major version number of the required operating system.

$windows_pe_optional_header_type->major_subsystem_version

Specifies the major version number of the subsystem.

$windows_pe_optional_header_type->minor_image_version

Specifies the minor version number of the image.

$windows_pe_optional_header_type->minor_linker_version

Specifies the linker minor version number.

$windows_pe_optional_header_type->minor_os_version

Specifies the minor version number of the required operating system.

$windows_pe_optional_header_type->minor_subsystem_version

Specifies the minor version number of the subsystem.

$windows_pe_optional_header_type->number_of_rva_and_sizes

Specifies the number of data-directory entries in the remainder of the optional header.

$windows_pe_optional_header_type->section_alignment

Specifies the alignment (in bytes) of PE sections when they are loaded into memory.

$windows_pe_optional_header_type->size_of_code

Specifies the size of the code (text) section. If there are multiple such sections, this refers to the sum of the sizes of each section.

$windows_pe_optional_header_type->size_of_headers

Specifies the combined size of the MS-DOS, PE header, and section headers, rounded up a multiple of the value specified in the file_alignment header.

$windows_pe_optional_header_type->size_of_heap_commit

Specifies the size of the local heap space to commit.

$windows_pe_optional_header_type->size_of_heap_reserve

Specifies the size of the local heap space to reserve.

$windows_pe_optional_header_type->size_of_image

Specifies the size, in bytes, of the image, including all headers, as the image is loaded in memory.

$windows_pe_optional_header_type->size_of_initialized_data

Specifies the size of the initialized data section. If there are multiple such sections, this refers to the sum of the sizes of each section.

$windows_pe_optional_header_type->size_of_stack_commit

Specifies the size of the stack to commit.

$windows_pe_optional_header_type->size_of_stack_reserve

Specifies the size of the stack to reserve

$windows_pe_optional_header_type->size_of_uninitialized_data

Specifies the size of the uninitialized data section. If there are multiple such sections, this refers to the sum of the sizes of each section.

$windows_pe_optional_header_type->subsystem_hex

Specifies the subsystem (e.g., GUI, device driver, etc.) that is required to run this image.

$windows_pe_optional_header_type->win32_version_value_hex

Specifies the reserved win32 version value.

HELPERS

$windows_pe_optional_header_type->TO_JSON

Helper for JSON encoders.

$windows_pe_optional_header_type->to_hash

Return the object HASH.

$windows_pe_optional_header_type->to_string

Encode the object in JSON.

$windows_pe_optional_header_type->validate

Validate the object using JSON Schema (see STIX::Schema).

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-STIX/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-STIX

git clone https://github.com/giterlizzi/perl-STIX.git

AUTHOR

  • Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This software is copyright (c) 2024 by Giuseppe Di Terlizzi.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.