From ad952beb603fff3968402c44fa0a54775f69055b Mon Sep 17 00:00:00 2001
From: Christian Studer
Date: Tue, 2 Apr 2024 21:21:38 +0200
Subject: [PATCH] add: [pe] Added some PE fields as available with `lief` API

---
 objects/pe/definition.json | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/objects/pe/definition.json b/objects/pe/definition.json
index ae89b65..129c2d4 100644
--- a/objects/pe/definition.json
+++ b/objects/pe/definition.json
@@ -5,6 +5,12 @@
 "misp-attribute": "authentihash",
 "ui-priority": 1
 },
+ "characteristics": {
+ "description": "The characteristics that indicate the attributes of the file",
+ "disable_correlation": true,
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
 "company-name": {
 "description": "CompanyName in the resources",
 "disable_correlation": true,
@@ -68,6 +74,18 @@
 "misp-attribute": "text",
 "ui-priority": 0
 },
+ "machine-type": {
+ "description": "Type of machine",
+ "disable_correlation": true,
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
+ "number-of-symbols": {
+ "description": "Number of entries in the symbol table",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
 "number-sections": {
 "description": "Number of sections",
 "disable_correlation": true,
@@ -85,6 +103,12 @@
 "misp-attribute": "pehash",
 "ui-priority": 0
 },
+ "pointer-to-symbol-table": {
+ "description": "The file offset of the COFF symbol table.",
+ "disable_correlation": true,
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
 "product-name": {
 "description": "ProductName in the resources",
 "disable_correlation": true,
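Review bot: The `characteristics` description does not say which header field the hex value comes from, so an analyst reading an object instance has no way to know how to decode the bits; the same applies to `machine-type` ("Type of machine") in the `@@ -68,6 +74,18 @@` hunk. Both are raw values of the COFF file header (the Characteristics bit field and the Machine field), presumably read from lief's PE header object given the commit subject, and the description is the only place that interpretation is recorded. Suggested wording: `"description": "COFF file header Characteristics flags (bit field), as a hex value"` and `"description": "Target machine type from the COFF file header (Machine field), as a hex value"`. Keeping `disable_correlation: true` on both is right, since these values are shared by very large numbers of unrelated binaries and would correlate noise.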
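Review bot: The `pointer-to-symbol-table` description in the `@@ -85,6 +103,12 @@` hunk ends with a trailing period, unlike every other description visible in this file and in the sibling attributes added by the same commit; drop it for consistency: `"description": "The file offset of the COFF symbol table"`. It would also help consumers to state that a zero offset means the image carries no COFF symbol table, since that is the common case for modern PE images and a producer may prefer to omit the attribute rather than emit a meaningless `0`, e.g. `"description": "File offset of the COFF symbol table (0 when no symbol table is present)"`. Whether the template generator skips zero values cannot be seen from this hunk.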
@@ -103,6 +127,12 @@
 "multiple": true,
 "ui-priority": 0
 },
+ "size-of-optional-header": {
+ "description": "Size of the optional header and the data directories which follow this header",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
 "text": {
 "description": "Free text value to attach to the PE",
 "disable_correlation": true,
@@ -136,5 +166,5 @@
 "impfuzzy"
 ],
 "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
- "version": 7
+ "version": 8
 }
\ No newline at end of file
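Review bot: `size-of-optional-header` is declared as `"misp-attribute": "float"`, but SizeOfOptionalHeader is an integral byte count from the COFF file header, so a float type is the wrong model and is inconsistent with `number-of-symbols` in the `@@ -68,6 +74,18 @@` hunk, which uses `counter` for a comparable integer field. Use an integer-typed attribute instead, `"misp-attribute": "counter"` (or `size-in-bytes`, which MISP provides for byte sizes), so validators and consumers do not accept or render fractional values for a header length. The description could also name the field it mirrors, e.g. `"description": "Size of the optional header in bytes (COFF file header SizeOfOptionalHeader)"`.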