Changeset 1148 for pehunter/README
- Timestamp: 03/20/07 22:41:23 (2 years ago)
- Files: pehunter/README (modified) (1 diff)
pehunter/README
r1134 r1148 1 PE Hunter is a plugin for snort (aka dynamic preprocessor) which extracts 2 Windows executables (files in PE format) from the network stream and dumps them 3 to disk. 1 PE Hunter is a plugin for snort (aka dynamic preprocessor) for extracting 2 Windows executables (files in PE format) from the network stream. 4 3 5 4 It first spots a PE header and then uses a simple heuristik to calculate the 6 file length. Starting at the position of the header, the resulting number of5 file length. Starting at the header offset in a stream, the resulting number of 7 6 bytes is then dumped to a file. 8 7
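Review bot: The rewritten opening sentence (new lines 1-2) drops "and dumps them to disk", so the only remaining statement that the preprocessor writes files is the unchanged "bytes is then dumped to a file" at the end of the second paragraph. Someone deploying a snort preprocessor should see in the summary that it writes extracted executables to disk, so consider keeping that clause, for example "for extracting Windows executables (files in PE format) from the network stream and dumping them to disk". In the second paragraph, "the header offset in a stream" reads better as "in the stream", to match "the network stream" above, and since that sentence is being touched anyway, the adjacent "heuristik" could be corrected to "heuristic". The README still does not say what the length heuristic is based on or what is written when the stream holds fewer bytes than the calculated length; a sentence on each would help.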
