Merge pull request #9 from sebdraven/master

add information in elf and elf sections
2017-03-14 10:09:32 +01:00 · 2017-03-14 10:09:32 +01:00 · c57e6a568d
parent 8ec59dca1a 16f41b2b4a
commit c57e6a568d
2 changed files with 77 additions and 11 deletions
--- a/objects/elf-section/definition.json
+++ b/objects/elf-section/definition.json
@ -4,12 +4,37 @@
  "description": "Object describing a section of an Executable and Linkable Format",
  "version": 1,
  "attributes": {
-    "name": {
+    "sh_name": {
      "misp-attribute": "text",
      "misp-usage-frequency": 1,
      "disable_correlation": true
    },
-    "Flags": {
+    "sh_type": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0,
+      "sane_default": [
+        "SHT_NULL",
+        "SHT_PROGBITS",
+        "SHT_SYMTAB",
+        "SHT_STRTAB",
+        "SHT_RELA",
+        "SHT_HASH",
+        "SHT_DYNAMIC",
+        "SHT_NOTE",
+        "SHT_NOBITS",
+        "SHT_REL",
+        "SHT_SHLIB",
+        "SHT_DYNSYM",
+        "SHT_INIT_ARRAY",
+        "SHT_FINI_ARRAY",
+        "SHT_PREINIT_ARRAY",
+        "SHT_GROUP",
+        "SHT_SYMTAB_SHNDX",
+        "SHT_NUM",
+        "SHT_LOOS"
+      ]
+    },
+    "sh_flags": {
      "misp-attribute": "text",
      "misp-usage-frequency": 0,
      "sane_default": [
@ -36,7 +61,7 @@
      "misp-usage-frequency": 1,
      "disable_correlation": true
    },
-    "size-in-bytes": {
+    "sh_size": {
      "misp-attribute": "size-in-bytes",
      "misp-usage-frequency": 1,
      "disable_correlation": true
--- a/objects/elf/definition.json
+++ b/objects/elf/definition.json
@ -13,11 +13,7 @@
      "misp-attribute": "filename",
      "misp-usage-frequency": 1
    },
-    "internal-filename": {
-      "misp-attribute": "filename",
-      "misp-usage-frequency": 0
-    },
-    "entrypoint-address": {
+    "e_entry": {
      "misp-attribute": "text",
      "misp-usage-frequency": 0,
      "disable_correlation": true
@ -27,15 +23,60 @@
      "misp-usage-frequency": 0,
      "disable_correlation": true
    },
-    "file-version": {
+    "e_version": {
      "misp-attribute": "text",
      "misp-usage-frequency": 0,
      "disable_correlation": true
    },
-    "elf-type": {
+    "e_type": {
      "misp-attribute": "text",
      "misp-usage-frequency": 0,
-      "disable_correlation": true
+      "sane_default": [
+        "relocatable",
+        "executable",
+        "shared",
+        "core"
+      ]
+    },
+    "e_ident_abi": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0,
+      "sane_default": [
+        "System V",
+        "HP_UX",
+        "NetBSD",
+        "Linux",
+        "Solaris",
+        "AIX",
+        "IRIX",
+        "FreeBSD",
+        "True64",
+        "Novell Modesto",
+        "OpenBSD",
+        "OpenVMS",
+        "NonStop Kernel",
+        "AROS",
+        "Fenis OS",
+        "CloudABI",
+        "Sortix"
+      ]
+    },
+    "e_machine": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0,
+      "sane_default": [
+        "No specific instruction set",
+        "SPARC",
+        "X86",
+        "MISP",
+        "PowerPC",
+        "ARM",
+        "SuperH",
+        "IA-64",
+        "x86-64",
+        "AArch64",
+        "RISC-V"
+      ]
    }
  },
  "requiredOneOf": [