[Forensics-changes] [yara] 67/160: Added constants concerning program headers
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:19 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 6e2d22f2e3817a9f8a5e8e325b7c38275aba37ae
Author: Michal Malik <root at devrandom.sk>
Date: Sat Mar 28 17:11:04 2015 +0100
Added constants concerning program headers
Types: PT_NULL, PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_GNU_EH_FRAME
Flags: PF_X, PF_W, PF_R
---
libyara/include/yara/elf.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/libyara/include/yara/elf.h b/libyara/include/yara/elf.h
index 5f38658..266398d 100644
--- a/libyara/include/yara/elf.h
+++ b/libyara/include/yara/elf.h
@@ -83,6 +83,20 @@ typedef uint64_t elf64_xword_t;
#define ELF_SHF_ALLOC 0x2 // Section is present during execution
#define ELF_SHF_EXECINSTR 0x4 // Section contains executable instructions
+#define ELF_PT_NULL 0 // The array element is unused
+#define ELF_PT_LOAD 1 // Loadable segment
+#define ELF_PT_DYNAMIC 2 // Segment contains dynamic linking info
+#define ELF_PT_INTERP 3 // Contains interpreter pathname
+#define ELF_PT_NOTE 4 // Location & size of auxiliary info
+#define ELF_PT_SHLIB 5 // Reserved, unspecified semantics
+#define ELF_PT_PHDR 6 // Location and size of program header table
+#define ELF_PT_TLS 7 // Thread-Local Storage
+#define ELF_PT_GNU_EH_FRAME 0x6474e550
+
+#define ELF_PF_X 0x1 // Segment is executable
+#define ELF_PF_W 0x2 // Segment is writable
+#define ELF_PF_R 0x4 // Segment is readable
+
#pragma pack(push,1)
typedef struct
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list