[Forensics-changes] [yara] 153/160: Update documentation

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:29:28 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.4.0
in repository yara.

commit ca4c2e2d8d949209054a71a7664d866f608ea261
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Thu Jun 18 11:13:23 2015 +0200

    Update documentation
---
 docs/modules/elf.rst | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 docs/modules/pe.rst  | 35 +++++++++++++-------------
 2 files changed, 86 insertions(+), 18 deletions(-)

diff --git a/docs/modules/elf.rst b/docs/modules/elf.rst
index 53d1668..070e585 100644
--- a/docs/modules/elf.rst
+++ b/docs/modules/elf.rst
@@ -86,7 +86,7 @@ Reference
 
 .. c:type:: sections
 
-    An zero-based array of section objects, one for each section the ELF has.
+    A zero-based array of section objects, one for each section the ELF has.
     Individual sections can be accessed by using the [] operator. Each section
     object has the following attributes:
 
@@ -186,8 +186,75 @@ Reference
         *Example: elf.section[2].flags & elf.SHF_WRITE*
 
 
+.. c:type:: number_of_segments
 
+    .. versionadded:: 3.4.0
 
+    Number of segments in the ELF file.
+
+.. c:type:: segments
+
+    .. versionadded:: 3.4.0
+
+    A zero-based array of segments objects, one for each segment the ELF has.
+    Individual segments can be accessed by using the [] operator. Each segment
+    object has the following attributes:
+
+    .. c:member:: alignment
+
+        Value to which the segments are aligned in memory and in the file.
+
+    .. c:member:: file_size
+
+        Number of bytes in the file image of the segment.  It may be zero.
+
+    .. c:member:: flags
+
+        A combination of the following segment flags:
+
+        .. c:type:: PF_R
+
+            The segment is readable.
+
+        .. c:type:: PF_W
+
+            The segment is writable.
+
+        .. c:type:: PF_X
+
+            The segment is executable.
+
+    .. c:member:: memory_size
+
+        On-memory segment size.
+
+    .. c:member:: offset
+
+        Offset from the beginning of the file where the segment resides.
+
+    .. c:member:: physical_address
+
+        On systems for which physical addressing is relevant, contains the
+        segment's physical address.
+
+    .. c:member:: type
+
+        Type of segment indicated by one of the following values:
+
+        .. c:type:: PT_NULL
+        .. c:type:: PT_LOAD
+        .. c:type:: PT_DYNAMIC
+        .. c:type:: PT_INTERP
+        .. c:type:: PT_NOTE
+        .. c:type:: PT_SHLIB
+        .. c:type:: PT_PHDR
+        .. c:type:: PT_LOPROC
+        .. c:type:: PT_HIPROC
+        .. c:type:: PT_GNU_STACK
+
+    .. c:member:: virtual_address
+
+        Virtual address at which the segment resides in memory.
 
 
 
diff --git a/docs/modules/pe.rst b/docs/modules/pe.rst
index d4ec580..d0c8c53 100644
--- a/docs/modules/pe.rst
+++ b/docs/modules/pe.rst
@@ -35,6 +35,8 @@ Reference
 
 .. c:type:: machine
 
+    .. versionchanged:: 3.3.0
+
     Integer with one of the following values:
 
     .. c:type:: MACHINE_UNKNOWN
@@ -62,8 +64,6 @@ Reference
 
     *Example: pe.machine == pe.MACHINE_AMD64*
 
-    .. versionchanged:: 3.3.0
-
 .. c:type:: subsystem
 
     Integer with one of the following values:
@@ -173,6 +173,8 @@ Reference
 
 .. c:type:: sections
 
+    .. versionadded:: 3.3.0
+
     An zero-based array of section objects, one for each section the PE has.
     Individual sections can be accessed by using the [] operator. Each section
     object has the following attributes:
@@ -220,8 +222,6 @@ Reference
     .. c:type:: SECTION_MEM_READ
     .. c:type:: SECTION_MEM_WRITE
 
-    .. versionadded:: 3.3.0
-
     *Example: pe.sections[1].characteristics & SECTION_CNT_CODE*
 
 .. c:type:: number_of_resources
@@ -246,6 +246,8 @@ Reference
 
 .. c:type:: resources
 
+    .. versionchanged:: 3.3.0
+
     An zero-based array of resource objects, one for each resource the PE has.
     Individual resources can be accessed by using the [] operator. Each
     resource object has the following attributes:
@@ -317,10 +319,10 @@ Reference
 
     http://msdn.microsoft.com/en-us/library/ms648009(v=vs.85).aspx
 
-    .. versionchanged:: 3.3.0
-
 .. c:type:: version_info
 
+    .. versionadded:: 3.2.0
+
     Dictionary containing PE's version information. Typical keys are:
 
         ``Comments``
@@ -340,8 +342,6 @@ Reference
 
     *Example:  pe.version_info["CompanyName"] contains "Microsoft"*
 
-    .. versionadded:: 3.2.0
-
 .. c:type:: number_of_signatures
 
     Number of authenticode signatures in the PE.
@@ -393,11 +393,11 @@ Reference
         Function returning true if the signature was valid the on date
         indicated by *timestamp*. The following sentence::
 
-            pe.signature[n].valid_on(timestamp)
+            pe.signatures[n].valid_on(timestamp)
 
         Is equivalent to::
 
-            timestamp >= pe.signature[n].not_before and timestamp <= pe.signature[n].not_after
+            timestamp >= pe.signatures[n].not_before and timestamp <= pe.signatures[n].not_after
 
 .. c:type:: rich_signature
 
@@ -441,6 +441,8 @@ Reference
 
 .. c:function:: locale(locale_identifier)
 
+    .. versionadded:: 3.2.0
+
     Function returning true if the PE has a resource with the specified locale
     identifier. Locale identifiers are 16-bit integers and can be found here:
 
@@ -448,10 +450,10 @@ Reference
 
     *Example: pe.locale(0x0419) // Russian (RU)*
 
-    .. versionadded:: 3.2.0
-
 .. c:function:: language(language_identifier)
 
+    .. versionadded:: 3.2.0
+
     Function returning true if the PE has a resource with the specified language
     identifier. Language identifiers are 8-bit integers and can be found here:
 
@@ -459,10 +461,10 @@ Reference
 
     *Example: pe.language(0x0A) // Spanish*
 
-    .. versionadded:: 3.2.0
-
 .. c:function:: imphash()
 
+    .. versionadded:: 3.2.0
+
     Function returning the import hash or imphash for the PE. The imphash is
     a MD5 hash of the PE's import table after some normalization. The imphash
     for a PE can be also computed with `pefile <http://code.google.com/p/pefile/>`_ and you can find more information in
@@ -470,8 +472,6 @@ Reference
 
     *Example: pe.imphash() == "b8bb385806b89680e13fc0cf24f4431e"*
 
-    .. versionadded:: 3.2.0
-
 .. c:function:: section_index(name)
 
   Function returning the index into the sections array for the section that has
@@ -481,9 +481,10 @@ Reference
 
 .. c:function:: section_index(addr)
 
+ .. versionadded:: 3.3.0
+
   Function returning the index into the sections array for the section that has
   *addr*. *addr* can be an offset into the file or a memory address.
 
   *Example: pe.section_index(pe.entry_point)*
 
-  .. versionadded:: 3.3.0

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list