Add PE parser module with IAT hook detection

- Implemented comprehensive PE parsing utilities
- Added IAT (Import Address Table) parsing from memory and disk
- Implemented IAT hook detection by comparing memory vs disk
- Added data directory and import descriptor parsing
- Helper functions for reading PE structures
- Cross-platform compilation support with Windows-specific code
- Support for both 32-bit and 64-bit PE files

Generated with [Claude Code](https://claude.com/claude-code)
Adir Shitrit
2025-11-21 00:45:22 +02:00
parent 45b95ce7d3
commit b8a17f910f
2 changed files with 446 additions and 0 deletions
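
The IAT hook check the commit message describes, written here as an added example in Rust; it is not the repository's `pe_parser` module, which is not shown in this view, and it does not claim to match that module's API. It walks the import directory of a PE32+ image and flags IAT slots whose live value falls outside the address range of the module the slot was supposed to resolve into. Everything it assumes is constructed: the buffer is treated as an already mapped image (RVA equals offset), only PE32+ is handled, the sample image importing kernel32!Sleep and ordinal #42 is hand-built, and the module range table stands in for a process's loaded-module list.

```rust
// Added example, not the repository's pe_parser module: import-table walk plus IAT hook
// check over a constructed PE32+ image. Assumed: buffer is a mapped image (RVA == offset).
use std::collections::HashMap;
use std::convert::TryInto;
fn rd16(b: &[u8], o: usize) -> u16 { u16::from_le_bytes([b[o], b[o + 1]]) }
fn rd32(b: &[u8], o: usize) -> u32 { u32::from_le_bytes(b[o..o + 4].try_into().unwrap()) }
fn rd64(b: &[u8], o: usize) -> u64 { u64::from_le_bytes(b[o..o + 8].try_into().unwrap()) }
fn wr(b: &mut [u8], o: usize, v: &[u8]) { b[o..o + v.len()].copy_from_slice(v) }
fn cstr(b: &[u8], o: usize) -> String {                      // NUL-terminated string, "" if out of range
    let s = b.get(o..).unwrap_or(&[]);
    String::from_utf8_lossy(&s[..s.iter().position(|&c| c == 0).unwrap_or(s.len())]).into_owned()
}

/// One IAT slot: the DLL/function it must resolve to and the RVA of the slot itself.
#[derive(Debug, Clone, PartialEq)]
pub struct ImportSlot { pub dll: String, pub func: String, pub iat_rva: u32 }

/// Walk IMAGE_DIRECTORY_ENTRY_IMPORT (DataDirectory[1]) of a mapped PE32+ image.
pub fn parse_imports(img: &[u8]) -> Result<Vec<ImportSlot>, String> {
    if img.len() < 0x40 || &img[..2] != b"MZ" { return Err("no MZ header".into()); }
    let pe = rd32(img, 0x3c) as usize;                                   // e_lfanew
    if pe + 0x98 > img.len() || &img[pe..pe + 4] != b"PE\0\0" { return Err("no PE header".into()); }
    let opt = pe + 0x18;                                                 // signature + 20-byte COFF header
    if rd16(img, opt) != 0x20b { return Err("only PE32+ handled here".into()); }
    if rd32(img, opt + 0x6c) < 2 { return Ok(vec![]); }                  // NumberOfRvaAndSizes
    let dir = opt + 0x70 + 8;
    let (imp_rva, imp_size) = (rd32(img, dir) as usize, rd32(img, dir + 4) as usize);
    if imp_rva == 0 || imp_rva + imp_size > img.len() { return Err("bad import directory".into()); }
    let mut out = Vec::new();
    for d in (imp_rva..).step_by(20) {                                   // IMAGE_IMPORT_DESCRIPTOR = 20 bytes
        if d + 20 > img.len() { return Err("descriptor runs off image".into()); }
        let (oft, name, ft) = (rd32(img, d) as usize, rd32(img, d + 12) as usize, rd32(img, d + 16) as usize);
        if oft == 0 && name == 0 && ft == 0 { break; }                   // all-zero terminator
        let dll = cstr(img, name);
        let int = if oft != 0 { oft } else { ft };                       // bound images may lack an INT
        for i in 0.. {
            let t = int + 8 * i;
            if t + 8 > img.len() { return Err("thunk runs off image".into()); }
            let v = rd64(img, t);
            if v == 0 { break; }
            let func = if v & (1u64 << 63) != 0 { format!("#{}", v & 0xffff) }  // IMAGE_ORDINAL_FLAG64
                       else { cstr(img, v as usize + 2) };                    // skip 2-byte hint
            out.push(ImportSlot { dll: dll.clone(), func, iat_rva: (ft + 8 * i) as u32 });
        }
    }
    Ok(out)
}

/// Check each live IAT slot against the range of the module it should resolve into.
pub fn find_iat_hooks(disk: &[u8], mem: &[u8], modules: &HashMap<String, (u64, u64)>) -> Result<Vec<(ImportSlot, u64)>, String> {
    let mut hooked = Vec::new();
    for s in parse_imports(disk)? {                                      // names from the on-disk copy
        if s.iat_rva as usize + 8 > mem.len() { return Err("IAT slot outside memory image".into()); }
        let live = rd64(mem, s.iat_rva as usize);
        match modules.get(&s.dll.to_ascii_lowercase()) {
            Some(&(base, size)) if live >= base && live < base + size => {}
            _ => hooked.push((s, live)),                                 // points elsewhere: hooked
        }
    }
    Ok(hooked)
}

/// Constructed PE32+ image (sample input) importing kernel32!Sleep and kernel32 ordinal #42.
pub fn sample_image() -> Vec<u8> {
    let mut img = vec![0u8; 0x400];
    wr(&mut img, 0, b"MZ");
    wr(&mut img, 0x3c, &0x80u32.to_le_bytes());                          // e_lfanew
    wr(&mut img, 0x80, b"PE\0\0");
    wr(&mut img, 0x98, &0x20bu16.to_le_bytes());                         // PE32+ magic
    wr(&mut img, 0x98 + 0x6c, &16u32.to_le_bytes());                     // NumberOfRvaAndSizes
    wr(&mut img, 0x98 + 0x78, &0x200u32.to_le_bytes());                  // import dir RVA
    wr(&mut img, 0x98 + 0x7c, &40u32.to_le_bytes());                     // import dir size
    wr(&mut img, 0x200, &0x300u32.to_le_bytes());                        // OriginalFirstThunk (INT)
    wr(&mut img, 0x20c, &0x280u32.to_le_bytes());                        // Name
    wr(&mut img, 0x210, &0x340u32.to_le_bytes());                        // FirstThunk (IAT)
    wr(&mut img, 0x280, b"kernel32.dll\0");
    wr(&mut img, 0x292, b"Sleep\0");                                     // hint at 0x290, name at 0x292
    for &t in &[0x300usize, 0x340] {                                     // INT and on-disk IAT match
        wr(&mut img, t, &0x290u64.to_le_bytes());
        wr(&mut img, t + 8, &((1u64 << 63) | 42).to_le_bytes());
    }
    img
}

pub fn sample_modules() -> HashMap<String, (u64, u64)> {                // constructed module map
    [("kernel32.dll".to_string(), (0x7ff8_0000_0000u64, 0x10_0000u64))].iter().cloned().collect()
}

pub fn sample_memory(hook_second: bool) -> Vec<u8> {   // image after the loader filled the IAT; optional hook on slot 2
    let mut mem = sample_image();
    wr(&mut mem, 0x340, &0x7ff8_0000_1000u64.to_le_bytes());
    wr(&mut mem, 0x348, &(if hook_second { 0x1234_0000u64 } else { 0x7ff8_0000_2000 }).to_le_bytes());
    mem
}

fn main() {
    let hits = find_iat_hooks(&sample_image(), &sample_memory(true), &sample_modules()).unwrap();
    for (s, a) in &hits { println!("hooked: {}!{} (IAT RVA {:#x}) -> {:#x}", s.dll, s.func, s.iat_rva, a); }
}
```

Against a live process the same check would take the disk copy from the file on disk (mapped section by section, since raw and virtual layouts differ there), the `mem` buffer from the target's IAT range, and the module table from its loaded-module list. Two caveats before trusting a hit: a slot legitimately lands outside the named DLL when the export is forwarded (kernel32 forwards many functions to kernelbase, and API-set names resolve elsewhere again), so a range check alone needs a forwarder-aware lookup to avoid false positives; and the on-disk IAT carries the same unresolved RVAs as the INT, so "memory vs disk" is only meaningful once the disk side has been resolved into expected addresses, as done here through the module table.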


@@ -63,6 +63,7 @@ pub mod memory;
pub mod mitre_attack;
pub mod ml_cloud;
pub mod neural_memory;
pub mod pe_parser;
pub mod process;
pub mod shellcode;
pub mod streaming;
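Review bot: `pub mod pe_parser;` in this hunk is declared unconditionally, while the commit message promises cross-platform compilation with Windows-specific code; that means every `#[cfg(windows)]` / `#[cfg(not(windows))]` split has to live inside the module itself, and nothing in this hunk shows it. Either gate the Windows-only parts (the from-memory IAT reads) inside `pe_parser` and keep the disk parser portable, or gate the declaration here with `#[cfg(windows)] pub mod pe_parser;` together with the matching re-export, and confirm the crate still passes `cargo check` on a non-Windows host before merging.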
@@ -98,6 +99,7 @@ pub use neural_memory::{
DetectedEvasion, DetectedPattern, EvasionCategory, MemoryAnomaly, NeuralAnalysisResult,
NeuralInsights, NeuralMemoryAnalyzer, PatternType, PolymorphicIndicator,
};
pub use pe_parser::{ExportEntry, IATHookResult, ImportEntry};
pub use process::ProcessInfo;
pub use shellcode::{ShellcodeDetection, ShellcodeDetector};
pub use streaming::{
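Review bot: `pub use pe_parser::{ExportEntry, IATHookResult, ImportEntry};` re-exports only entry and result types, not the functions that produce them, unlike the neighbouring `pub use shellcode::{ShellcodeDetection, ShellcodeDetector};`, which exposes both the result and the detector. Callers of the crate root therefore get `IATHookResult` but must reach into `pe_parser::` for the IAT parsing and hook-detection entry points the commit message lists; either add those to this `pub use` or document the intended path. Two smaller points: `ExportEntry` is exported here although the commit message says nothing about export-table parsing, so the message should mention it; and the Rust API naming guidelines treat acronyms as words in UpperCamelCase (`IatHookResult`), which is worth settling before the name becomes public API.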