fix: [pe-optional-header] Updated object template

- Harmonised object relations to match with the `pe` template object relations, especially the ones for hex values - Added object relations for `magic` value and `subsystem` hex value
2024-07-25 10:34:05 +02:00 · 2024-07-25 10:34:05 +02:00 · ecb061bb1b
parent d062743502
commit ecb061bb1b
1 changed files with 44 additions and 28 deletions
--- a/objects/pe-optional-header/definition.json
+++ b/objects/pe-optional-header/definition.json
@ -1,18 +1,18 @@
 {
  "attributes": {
-    "address_of_entrypoint": {
+    "address-of-entrypoint": {
      "description": "The address of the entry point relative to the image base when the executable file is loaded into memory",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 1
    },
-    "base_of_code": {
+    "base-of-code": {
      "description": "Address relative to the imagebase where the binary's code starts",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "base_of_data": {
+    "base-of-data": {
      "description": "Address relative to the imagebase where the binary's data starts",
      "disable_correlation": true,
      "misp-attribute": "integer",
@ -24,7 +24,7 @@
      "misp-attribute": "hex",
      "ui-priority": 0
    },
-    "dll_characteristics": {
+    "dll-characteristics": {
      "description": "Some characteristics of the underlying binary",
      "disable_correlation": true,
      "misp-attribute": "text",
@ -44,24 +44,24 @@
      ],
      "ui-priority": 0
    },
-    "dll_characteristics_hex": {
+    "dll-characteristics-hex": {
      "description": "The DLL characteristics in a single hex value",
      "disable_correlation": true,
      "misp-attribute": "hex",
      "ui-priority": 0
    },
-    "file_alignment": {
+    "file-alignment": {
      "description": "The alignment factor (in bytes) that is used to align the raw data of sections in the image file",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "image_base": {
+    "image-base": {
      "description": "The preferred base address when mapping the binary in memory",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "loader_flags": {
+    "loader-flags": {
      "description": "According to the PE specifications, this value is reserved and should be 0",
      "disable_correlation": true,
      "misp-attribute": "hex",
@ -70,109 +70,119 @@
    "magic": {
      "description": "Magic value (PE_TYPE) that identifies a PE32 from a PE64",
      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "PE32",
+        "PE32_PLUS"
+      ],
+      "ui-priority": 0
+    },
+    "magic-hex": {
+      "description": "The magic value in a simple hex value",
+      "disable_correlation": true,
      "misp-attribute": "hex",
      "ui-priority": 0
    },
-    "major_image_version": {
+    "major-image-version": {
      "description": "The major version number of the image",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "major_linker_version": {
+    "major-linker-version": {
      "description": "The linker major version number",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "major_os_version": {
+    "major-os-version": {
      "description": "The major version number of the required operating system",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "major_subsystem_version": {
+    "major-subsystem-version": {
      "description": "The major version number of the subsystem",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "minor_image_version": {
+    "minor-image-version": {
      "description": "The minor version number of the image",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "minor_linker_version": {
+    "minor-linker-version": {
      "description": "The linker minor version number",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "minor_os_version": {
+    "minor-os-version": {
      "description": "The minor version number of the required operating system",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "minor_subsystem_version": {
+    "minor-subsystem-version": {
      "description": "The minor version number of the subsystem",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "number_of_rva_and_size": {
+    "number-of-rva-and-size": {
      "description": "The number of DataDirectory that follow this header",
      "disable_correlation": true,
      "misp-attribute": "integer",
      "ui-priority": 0
    },
-    "section_alignment": {
+    "section-alignment": {
      "description": "The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to file_alignment and the default is the page size for the architecture",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_code": {
+    "size-of-code": {
      "description": "The size of the code .text section or the sum of all the sections that contain code",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_headers": {
+    "size-of-headers": {
      "description": "The combined size of an MS-DOS stub, PE header, and section headers rounded up to a multiple of file_alignment",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_heap_commit": {
+    "size-of-heap-commit": {
      "description": "The size of the local heap space to commit",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_heap_reserve": {
+    "size-of-heap-reserve": {
      "description": "The size of the local heap space to reserve",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_image": {
+    "size-of-image": {
      "description": "The size (in bytes) of the image, including all headers, as the image is loaded in memory",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_initialised_data": {
+    "size-of-initialised-data": {
      "description": "The size of the initialized data which are usually located in the .data section. If the initialized data are split across multiple sections, it is the sum of the sections",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_stack_commit": {
+    "size-of-stack-commit": {
      "description": "The size of the stack to commit",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_stack_reserve": {
+    "size-of-stack-reserve": {
      "description": "The size of the stack to reserve",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
    },
-    "size_of_uninitialised_data": {
+    "size-of-uninitialised-data": {
      "description": "The size of the uninitialized data which are usually located in the .bss section. If the uninitialized data are split across multiple sections, it is the sum of the sections",
      "misp-attribute": "size-in-bytes",
      "ui-priority": 0
@ -199,7 +209,13 @@
      ],
      "ui-priority": 0
    },
-    "win32_version_value": {
+    "subsystem-hex": {
+      "description": "The subsystem in a simple hex value",
+      "disable_correlation": true,
+      "misp-attribute": "hex",
+      "ui-priority": 0
+    },
+    "win32-version-value": {
      "description": "Specifies the reserved win32 version value (must be zero)",
      "disable_correlation": true,
      "misp-attribute": "hex",