They are directly from the PE specification (google around, there are copies from MSFT).
os_version.major is the major version number of the required operating system. os_version.minor is the minor version number of the required operating system. So Windows 2000 was 5.0 (major is 5, minor is 0). Windows XP was 5.1.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832(v=vs.85).aspx

The subsystem version is the version of the subsystem required to run the binary. For example, if it is a binary which requires the GUI subsystem then that value will be 2 (again, see the PE specification for details).

-- WXS

> On Mar 13, 2018, at 10:04 AM, Matan Bachar <matan...@gmail.com> wrote:
>
> Hello everyone :)
> Does anyone know what the os_version, subsystem_version and the image_version
> mean in the PE module,
> and what is the difference between the major version and the minor version?
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "YARA" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to yara-project+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
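
The fields asked about in this thread, read directly from the PE optional header, as an added example that is not part of the original messages or YARA's own code. The function names and the header-only sample bytes are constructed for illustration; the offsets follow the PE specification, where Subsystem (2 = Windows GUI) is a field separate from the MajorSubsystemVersion/MinorSubsystemVersion pair.

```python
import struct

# Common IMAGE_SUBSYSTEM_* values from the PE specification.
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}

def pe_versions(data: bytes) -> dict:
    """Return the three major/minor pairs and Subsystem from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # signature + 20-byte COFF file header
    if len(data) < opt + 70:           # need everything up to Subsystem
        raise ValueError("optional header truncated")
    (size_opt,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if size_opt < 70 or magic not in (0x10B, 0x20B):   # PE32 / PE32+
        raise ValueError("unexpected optional header")
    # These offsets are identical in PE32 and PE32+.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from(
        "<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "os_version": (os_maj, os_min),            # pe.os_version.major/.minor
        "image_version": (img_maj, img_min),       # pe.image_version.*
        "subsystem_version": (ss_maj, ss_min),     # pe.subsystem_version.*
        "subsystem": subsystem,                    # pe.subsystem
        "subsystem_name": SUBSYSTEMS.get(subsystem, "OTHER"),
    }

def build_sample() -> bytes:
    """Constructed header-only sample (not a loadable executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<6H", opt, 40, 5, 1, 1, 0, 5, 1)  # OS 5.1, image 1.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)             # Subsystem = Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(pe_versions(build_sample()))
```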