PE analyzer

This repository contains a Spicy-based analyzer for the Portable Executable (PE) image file format,

This analyzer replaces the builtin Zeek PE analyzer.

Options

Some fields in the logs are disabled by default, but they can be enabled with the following redefinitions.

Option	Description
`PE::pe_log_section_entropy=T`	Log the Shannon entropy for every section in the `section_info` field.
`PE::pe_log_section_flags=T`	Log whether sections are (r)eadable, (e)xecutable and/or (w)ritable in the `section_info` field.
`PE::pe_log_import_table=T`	Log all the imported function names in the PE, prepended with the source file, to the `import_table` field.
`PE::pe_log_export_table=T`	Log all the exported function names in the PE to the `export_table` field.

parse the data from remaining directory sections
allowing tuning/control of parsing contraints would be nice, but something that Spicy would have to support, see this discussion

Name		Name	Last commit message	Last commit date
Latest commit History 48 Commits
.github/workflows		.github/workflows
analyzer		analyzer
cmake		cmake
tests		tests
.cmake-format.json		.cmake-format.json
.gitignore		.gitignore
.mdlrc		.mdlrc
.pre-commit-config.yaml		.pre-commit-config.yaml
CMakeLists.txt		CMakeLists.txt
LICENSE		LICENSE
README.md		README.md
zkg.meta		zkg.meta