pub const FIELD_DOCS: &[(&str, u64, &str)] = &[
("crx.Crx", 1, "True if the file is a valid Chrome Extension (CRX) package."),
("crx.Crx", 2, "Format version of the CRX package."),
("crx.Crx", 3, "Size in bytes of the binary CRX header."),
("crx.Crx", 4, "Standard 32-character extension ID string."),
("crx.Crx", 5, "Processed extension name extracted from the manifest."),
("crx.Crx", 6, "Processed extension description extracted from the manifest."),
("crx.Crx", 7, "Raw unparsed extension name extracted from the manifest."),
("crx.Crx", 8, "Raw unparsed extension description extracted from the manifest."),
("crx.Crx", 9, "Minimum Chrome version requirement string from the manifest."),
("crx.Crx", 10, "Homepage URL string defined inside the manifest."),
("crx.Crx", 11, "Required runtime permissions defined inside the manifest."),
("crx.Crx", 12, "Required host access permissions defined inside the manifest."),
("crx.Crx", 13, "Optional runtime permissions defined inside the manifest."),
("crx.Crx", 14, "Optional host access permissions defined inside the manifest."),
("crx.Crx", 15, "Cryptographic signatures validating the package."),
("crx.Crx", 16, "Extension version string extracted from the manifest."),
("crx.CrxSignature", 1, "Public key or identifier string used in the signature."),
("crx.CrxSignature", 2, "True if the cryptographic signature successfully verified."),
("dex.ClassItem", 1, "Core descriptor representing the class type."),
("dex.ClassItem", 2, "Bitwise flags specifying accessibility constraints and attributes."),
("dex.ClassItem", 3, "Superclass descriptor inherited by this object."),
("dex.ClassItem", 4, "Source code file name metadata string."),
("dex.Dex", 1, "True if the file is a valid Dalvik Executable (DEX)."),
("dex.Dex", 2, "Standard header items parsed from the binary."),
("dex.Dex", 3, "Array of strings extracted from the string pool."),
("dex.Dex", 4, "Data types explicitly defined in the type pool."),
("dex.Dex", 5, "Function prototypes structured from the prototype pool."),
("dex.Dex", 6, "Distinct class fields extracted from the field list."),
("dex.Dex", 7, "Specific subroutines and methods defined."),
("dex.Dex", 8, "Structured class definition objects."),
("dex.Dex", 9, "Mapping metadata table listing item offsets and sizes."),
("dex.DexHeader", 1, "Magic identifier characterizing the file type."),
("dex.DexHeader", 2, "Format version designation (e.g., 35, 36, 37)."),
("dex.DexHeader", 3, "Standard Adler32 checksum of the remainder of the file."),
("dex.DexHeader", 4, "Cryptographic SHA-1 signature of the remaining file contents."),
("dex.DexHeader", 5, "Physical size in bytes of the complete file."),
("dex.DexHeader", 6, "Combined size in bytes of the binary header block."),
("dex.DexHeader", 7, "Byte ordering identifier constant."),
("dex.DexHeader", 8, "Physical size of the link section."),
("dex.DexHeader", 9, "Offset pointing to the link section data."),
("dex.DexHeader", 23, "Size in bytes of the main data section."),
("dex.DexHeader", 24, "File offset pointing to the main data block."),
("dex.DexHeader", 25, "Combined size constraint allocated for the container."),
("dex.DexHeader", 26, "File offset marking the beginning of the primary header."),
("dex.FieldItem", 1, "Name of the parent class defining the field."),
("dex.FieldItem", 2, "Specific data type categorization of the field."),
("dex.FieldItem", 3, "Descriptive string identifier assigned to the field."),
("dex.MapItem", 1, "Standard item classification type code."),
("dex.MapItem", 2, "Reserved unused padding field."),
("dex.MapItem", 3, "Total count of individual items in this section."),
("dex.MapItem", 4, "File offset marking the start of the designated items."),
("dex.MapList", 1, "Number of specific map item elements tracked."),
("dex.MapList", 2, "Structured mapping descriptors detailing item positions."),
("dex.MethodItem", 1, "Parent class descriptor string containing the method."),
("dex.MethodItem", 2, "Signature prototype defining the function arguments and return value."),
("dex.MethodItem", 3, "Individual function name assigned to the method."),
("dex.ProtoItem", 1, "Short-form signature representing the return and argument types."),
("dex.ProtoItem", 2, "Standard data type descriptor of the return value."),
("dex.ProtoItem", 3, "Total count of arguments accepted by the prototype."),
("dex.ProtoItem", 4, "Data type descriptions corresponding to each argument."),
("dotnet.Assembly", 1, "Name of the active assembly."),
("dotnet.Assembly", 2, "Standard culture setting applicable to the assembly."),
("dotnet.Assembly", 3, "Version descriptor assigned to the assembly."),
("dotnet.AssemblyRef", 1, "Identifier string representing the external assembly."),
("dotnet.AssemblyRef", 2, "Cryptographic key or access token assigned to the assembly."),
("dotnet.AssemblyRef", 3, "Standard version requirement for the referenced assembly."),
("dotnet.Class", 1, "Full namespace and class name descriptor."),
("dotnet.Class", 2, "Individual class designation name string."),
("dotnet.Class", 3, "Target namespace string containing the class."),
("dotnet.Class", 4, "Access visibility modifier applied to the class."),
("dotnet.Class", 5, "Categorization of the class type."),
("dotnet.Class", 6, "True if the class is marked as abstract."),
("dotnet.Class", 7, "True if the class is marked as sealed."),
("dotnet.Class", 8, "Count of inherited base types declared by the class."),
("dotnet.Class", 9, "Total count of generic parameters specified."),
("dotnet.Class", 10, "Number of methods explicitly defined inside the class."),
("dotnet.Class", 11, "Distinct base types inherited by this class."),
("dotnet.Class", 12, "Defined generic parameters applicable to the class."),
("dotnet.Class", 13, "Methods and subroutines implemented within the class."),
("dotnet.Dotnet", 1, "True if the file is a valid .NET framework executable."),
("dotnet.Dotnet", 2, "Module name designation extracted from the assembly."),
("dotnet.Dotnet", 3, "Version string of the embedded module."),
("dotnet.Dotnet", 4, "Total count of embedded streams inside the file."),
("dotnet.Dotnet", 5, "Count of unique GUIDs defined within the module."),
("dotnet.Dotnet", 6, "Total number of individual resources embedded."),
("dotnet.Dotnet", 7, "Count of generic parameters defined inside the assembly."),
("dotnet.Dotnet", 10, "Total count of classes extracted from the executable."),
("dotnet.Dotnet", 11, "Number of external assembly references declared."),
("dotnet.Dotnet", 12, "Number of external module references defined."),
("dotnet.Dotnet", 13, "Count of strings defined inside the user string heap."),
("dotnet.Dotnet", 14, "Number of constant elements stored inside the assembly."),
("dotnet.Dotnet", 15, "Total count of structured field offsets available."),
("dotnet.Dotnet", 16, "Core type library representation identifier string."),
("dotnet.Dotnet", 17, "Individual streams mapped from the metadata root."),
("dotnet.Dotnet", 18, "Distinct GUID values associated with the executable."),
("dotnet.Dotnet", 19, "Internal constants extracted from the binary."),
("dotnet.Dotnet", 20, "Structured metadata describing the primary assembly."),
("dotnet.Dotnet", 21, "External assembly elements referenced by the program."),
("dotnet.Dotnet", 22, "Specific resources stored directly inside the module."),
("dotnet.Dotnet", 23, "Defined classes and types structured from the program."),
("dotnet.Dotnet", 24, "Relative offsets describing specific fields."),
("dotnet.Dotnet", 25, "String definitions extracted from the user string pool."),
("dotnet.Dotnet", 26, "Descriptive names of external modules imported."),
("dotnet.Method", 1, "Individual function name string."),
("dotnet.Method", 2, "Access visibility scope applied to the method."),
("dotnet.Method", 3, "True if the function is an abstract definition."),
("dotnet.Method", 4, "True if the function is marked as static."),
("dotnet.Method", 5, "True if the function acts as a virtual method."),
("dotnet.Method", 6, "True if the function is restricted as final."),
("dotnet.Method", 7, "Standard return type specification string."),
("dotnet.Method", 8, "Count of generic parameters explicitly defined for the method."),
("dotnet.Method", 9, "Number of individual parameters passed to the method."),
("dotnet.Method", 10, "Distinct generic parameters linked to the method."),
("dotnet.Method", 11, "Detailed argument definitions accepted by the function."),
("dotnet.Param", 1, "Target parameter identifier name string."),
("dotnet.Param", 2, "Designated parameter type string."),
("dotnet.Resource", 1, "File offset marking the start of the resource data."),
("dotnet.Resource", 2, "Physical length of the resource inside the binary."),
("dotnet.Resource", 3, "Descriptive name string of the stored resource."),
("dotnet.Stream", 1, "Descriptive name of the metadata stream."),
("dotnet.Stream", 2, "Address or file offset marking the beginning of the stream."),
("dotnet.Stream", 3, "Exact size of the stream inside the binary."),
("dotnet.Version", 1, "Major format specification number."),
("dotnet.Version", 2, "Minor format specification number."),
("dotnet.Version", 3, "Designated build assignment number."),
("dotnet.Version", 4, "Internal code revision tracking number."),
("elf.Dyn", 1, "Classification type of the dynamic entry (e.g., NEEDED, STRTAB)."),
("elf.Dyn", 2, "Value or address associated with the dynamic entry."),
("elf.ELF", 1, "Type of the ELF file (e.g., executable, shared object)."),
("elf.ELF", 2, "Architecture of the machine for which the binary is compiled."),
("elf.ELF", 3, "Entry point address of the executable."),
("elf.ELF", 4, "File offset pointing to the section header table."),
("elf.ELF", 5, "Size in bytes of a single section header entry."),
("elf.ELF", 6, "File offset pointing to the program header table."),
("elf.ELF", 7, "Size in bytes of a single program header entry."),
("elf.ELF", 8, "Number of section header entries in the table."),
("elf.ELF", 9, "Number of program header entries in the table."),
("elf.ELF", 10, "Count of symbols stored in the static symbol table."),
("elf.ELF", 11, "Count of symbols stored in the dynamic symbol table."),
("elf.ELF", 12, "Count of entries present in the dynamic linking section."),
("elf.ELF", 13, "Array of sections described by the section header table."),
("elf.ELF", 14, "Array of segments described by the program header table."),
("elf.ELF", 15, "Static symbols extracted from the file."),
("elf.ELF", 16, "Dynamic symbols extracted from the file."),
("elf.ELF", 17, "Entries extracted from the dynamic linking structure."),
("elf.ELF", 18, "Operating system and ABI designation of the file."),
("elf.Section", 1, "Section type classification (e.g., PROGBITS, SYMTAB)."),
("elf.Section", 2, "Section attributes represented as bitwise flags."),
("elf.Section", 3, "Virtual address where the section resides in memory."),
("elf.Section", 4, "Size in bytes of the section data."),
("elf.Section", 5, "Physical file offset pointing to the section contents."),
("elf.Section", 6, "Name of the section as a string."),
("elf.Segment", 1, "Classification of the program segment (e.g., LOAD, DYNAMIC)."),
("elf.Segment", 2, "Access permissions and flags of the segment."),
("elf.Segment", 3, "Physical file offset pointing to the beginning of the segment."),
("elf.Segment", 4, "Virtual address where the segment is loaded in memory."),
("elf.Segment", 5, "Physical address of the segment, used on systems without virtual memory."),
("elf.Segment", 6, "Size of the segment inside the file."),
("elf.Segment", 7, "Size of the segment when mapped into memory."),
("elf.Segment", 8, "Required alignment boundary of the segment in memory and on disk."),
("elf.Sym", 1, "Name of the symbol as a string."),
("elf.Sym", 2, "Value associated with the symbol (typically an address or offset)."),
("elf.Sym", 3, "Size in bytes of the object referenced by the symbol."),
("elf.Sym", 4, "Symbol type classification (e.g., FUNC, OBJECT)."),
("elf.Sym", 5, "Binding attributes of the symbol (e.g., GLOBAL, LOCAL)."),
("elf.Sym", 6, "Index of the section associated with this symbol."),
("elf.Sym", 7, "Visibility scope of the symbol (e.g., DEFAULT, HIDDEN)."),
("lnk.Lnk", 1, "True if the file is a LNK file."),
("lnk.Lnk", 2, "A description of the shortcut that is displayed to end users to identify
the purpose of the link."),
("lnk.Lnk", 3, "Time when the LNK file was created."),
("lnk.Lnk", 4, "Time when the LNK file was last accessed."),
("lnk.Lnk", 5, "Time when the LNK files was last modified."),
("lnk.Lnk", 6, "Size of the target file in bytes. The target file is the file that this
link references to. If the link target file is larger than 0xFFFFFFFF,
this value specifies the least significant 32 bits of the link target file
size."),
("lnk.Lnk", 7, "Attributes of the link target file."),
("lnk.Lnk", 8, "Location where the icon associated to the link is found. This is usually
an EXE or DLL file that contains the icon among its resources. The
specific icon to be used is indicated by the `icon_index` field."),
("lnk.Lnk", 9, "Index of the icon that is associated to the link, within an icon location."),
("lnk.Lnk", 10, "Expected window state of an application launched by this link."),
("lnk.Lnk", 11, "Type of drive the link is stored on."),
("lnk.Lnk", 12, "Drive serial number of the volume the link target is stored on."),
("lnk.Lnk", 13, "Volume label of the drive the link target is stored on."),
("lnk.Lnk", 14, "String used to construct the full path to the link target by appending the
common_path_suffix field."),
("lnk.Lnk", 15, "String used to construct the full path to the link target by being appended
to the local_base_path field."),
("lnk.Lnk", 16, "Location of the link target relative to the LNK file."),
("lnk.Lnk", 17, "Path of the working directory to be used when activating the link target."),
("lnk.Lnk", 18, "Command-line arguments that are specified when activating the link target."),
("lnk.Lnk", 19, "Size in bytes of any extra data appended to the LNK file."),
("lnk.Lnk", 20, "Offset within the LNK file where the overlay starts."),
("lnk.Lnk", 21, "Distributed link tracker information."),
("macho.BuildTool", 1, "Identifier representing the tool utilized."),
("macho.BuildTool", 2, "Version string corresponding to the tool."),
("macho.BuildVersion", 1, "Target platform designation."),
("macho.BuildVersion", 2, "Minimum OS version required as a string."),
("macho.BuildVersion", 3, "Version string of the SDK utilized."),
("macho.BuildVersion", 4, "Number of build tools embedded."),
("macho.BuildVersion", 5, "Information regarding individual tools utilized in the build."),
("macho.Certificate", 1, "Name of the issuer of the certificate."),
("macho.Certificate", 2, "Subject designation of the certificate."),
("macho.Certificate", 3, "True if the certificate is self-signed."),
("macho.DyldInfo", 1, "File offset to the rebase information."),
("macho.DyldInfo", 2, "Size in bytes of the rebase payload."),
("macho.DyldInfo", 3, "File offset to the primary binding info."),
("macho.DyldInfo", 4, "Size of the binding data in bytes."),
("macho.DyldInfo", 5, "File offset to weak binding definitions."),
("macho.DyldInfo", 6, "Size of weak binding definitions."),
("macho.DyldInfo", 7, "File offset to lazy binding definitions."),
("macho.DyldInfo", 8, "Size of lazy binding definitions."),
("macho.DyldInfo", 9, "File offset to exported symbols and data."),
("macho.DyldInfo", 10, "Size of the export payload."),
("macho.Dylib", 1, "Library name string."),
("macho.Dylib", 2, "Build timestamp of the dynamic library."),
("macho.Dylib", 3, "Compatibility version requirement string."),
("macho.Dylib", 4, "Current version designation string."),
("macho.Dysymtab", 3, "Index of the first local symbol."),
("macho.Dysymtab", 4, "Total number of local symbols."),
("macho.Dysymtab", 5, "Index of the first externally defined symbol."),
("macho.Dysymtab", 6, "Total count of externally defined symbols."),
("macho.Dysymtab", 7, "Index of the first undefined symbol."),
("macho.Dysymtab", 8, "Total count of undefined symbols."),
("macho.Dysymtab", 9, "Physical file offset to the table of contents."),
("macho.Dysymtab", 10, "Total entries within the table of contents."),
("macho.Dysymtab", 11, "Physical offset to the module table."),
("macho.Dysymtab", 12, "Total module entries in the module table."),
("macho.Dysymtab", 13, "File offset to external reference symbol entries."),
("macho.Dysymtab", 14, "Total entries for external reference symbols."),
("macho.Dysymtab", 15, "File offset to indirect symbol entries."),
("macho.Dysymtab", 16, "Count of indirect symbol elements."),
("macho.Dysymtab", 17, "File offset to external relocation entries."),
("macho.Dysymtab", 18, "Count of external relocation records."),
("macho.Dysymtab", 19, "File offset to local relocation elements."),
("macho.Dysymtab", 20, "Total count of local relocation entries."),
("macho.FatArch", 1, "Target architecture designation of the embedded binary."),
("macho.FatArch", 2, "Sub-architecture designation."),
("macho.FatArch", 3, "File offset referencing the start of the embedded binary."),
("macho.FatArch", 4, "Size in bytes of the embedded binary payload."),
("macho.FatArch", 5, "Required byte alignment of the binary payload."),
("macho.FatArch", 6, "Reserved internal field."),
("macho.File", 1, "Magic identifier indicating the file architecture."),
("macho.File", 2, "Primary architecture designation of the embedded binary."),
("macho.File", 3, "Specific sub-architecture variant."),
("macho.File", 4, "Binary file type categorization."),
("macho.File", 5, "Total count of load commands embedded inside the header."),
("macho.File", 6, "Combined byte size of all load commands."),
("macho.File", 7, "Bitwise flags characterizing the binary."),
("macho.File", 8, "Internal reserved field."),
("macho.File", 9, "Number of segments parsed from the binary."),
("macho.File", 10, "Standard path of the dynamic linker."),
("macho.File", 11, "Execution entry point offset or address."),
("macho.File", 12, "Size of the stack allocated by the loader."),
("macho.File", 13, "Source version metadata string."),
("macho.File", 14, "Segments nested inside the binary."),
("macho.File", 15, "External dynamic libraries referenced."),
("macho.File", 16, "Standard run paths utilized to locate libraries."),
("macho.File", 17, "App entitlement strings defined within the binary."),
("macho.File", 18, "Basic symbol table definitions."),
("macho.File", 19, "Detailed dynamic symbol table definitions."),
("macho.File", 20, "Dynamic linker information payload."),
("macho.File", 21, "Linked code signature data representation."),
("macho.File", 22, "Certificates verifying the code signature."),
("macho.File", 23, "Standard UUID assigned to the binary."),
("macho.File", 24, "Standard build version metadata."),
("macho.File", 25, "Minimum OS requirement specifications."),
("macho.File", 26, "Exported symbol descriptors."),
("macho.File", 27, "Imported symbol descriptors."),
("macho.File", 28, "Linker options passed during binary assembly."),
("macho.LinkedItData", 1, "File offset pointing to the linked data."),
("macho.LinkedItData", 2, "Size in bytes of the linked data payload."),
("macho.Macho", 1, "Magic identifier indicating the file architecture."),
("macho.Macho", 2, "Target architecture designation."),
("macho.Macho", 3, "Specific sub-architecture variant."),
("macho.Macho", 4, "Categorization of the Mach-O executable."),
("macho.Macho", 5, "Number of load commands defined inside the binary."),
("macho.Macho", 6, "Combined byte size of all load commands."),
("macho.Macho", 7, "Global bitwise flags characterizing the binary."),
("macho.Macho", 8, "Reserved padding element."),
("macho.Macho", 9, "Number of segments parsed."),
("macho.Macho", 10, "Standard dynamic linker specification path."),
("macho.Macho", 11, "Execution entry point address."),
("macho.Macho", 12, "Stack size allocation requested."),
("macho.Macho", 13, "Build source version metadata string."),
("macho.Macho", 14, "Standard symbol table block."),
("macho.Macho", 15, "Detailed dynamic symbol table block."),
("macho.Macho", 16, "Code signature data payload block."),
("macho.Macho", 17, "Top-level segments parsed from the binary."),
("macho.Macho", 18, "Linked external libraries."),
("macho.Macho", 19, "Dynamic loader metadata information block."),
("macho.Macho", 20, "Executable run path definition strings."),
("macho.Macho", 21, "Defined app entitlement descriptor strings."),
("macho.Macho", 22, "Cryptographic certificates validating the signature."),
("macho.Macho", 23, "Binary UUID descriptor string."),
("macho.Macho", 24, "General build version metadata block."),
("macho.Macho", 25, "Minimum OS version requirements."),
("macho.Macho", 26, "Standard exported symbol strings."),
("macho.Macho", 27, "Standard imported symbol strings."),
("macho.Macho", 28, "Custom options passed directly to the linker."),
("macho.Macho", 29, "Magic constant identifying the file as a Fat binary."),
("macho.Macho", 30, "Total count of different architectures embedded in the Fat binary."),
("macho.Macho", 31, "Individual descriptors for each embedded architecture."),
("macho.Macho", 32, "Independent Mach-O binaries extracted from the universal Fat payload."),
("macho.MinVersion", 1, "Target device type (e.g., MACOSX, IPHONEOS)."),
("macho.MinVersion", 2, "Minimum OS version string required to run the binary."),
("macho.MinVersion", 3, "Version string of the SDK used to build the binary."),
("macho.Nlist", 1, "Index into the string table representing the symbol name."),
("macho.Nlist", 2, "Symbol type flag designation."),
("macho.Nlist", 3, "Section index associated with the symbol."),
("macho.Nlist", 4, "Description attributes of the symbol."),
("macho.Nlist", 5, "Value or address of the symbol."),
("macho.Section", 1, "Segment name the section belongs to."),
("macho.Section", 2, "Individual section designation string."),
("macho.Section", 3, "Address where the section is mapped in virtual memory."),
("macho.Section", 4, "Total virtual memory size occupied by the section."),
("macho.Section", 5, "File offset pointing to the section data."),
("macho.Section", 6, "Memory alignment constraint of the section."),
("macho.Section", 7, "File offset to relocation entries."),
("macho.Section", 8, "Total count of relocation entries."),
("macho.Section", 9, "Bitwise flags and attributes characterizing the section."),
("macho.Section", 10, "First reserved padding field."),
("macho.Section", 11, "Second reserved padding field."),
("macho.Section", 12, "Third reserved padding field."),
("macho.Segment", 3, "Text identifier of the segment."),
("macho.Segment", 4, "Virtual memory address where the segment is mapped."),
("macho.Segment", 5, "Total size of the mapped segment in virtual memory."),
("macho.Segment", 6, "File offset pointing to the segment contents on disk."),
("macho.Segment", 7, "Total physical length of the segment inside the file."),
("macho.Segment", 8, "Maximum virtual memory protection state applicable."),
("macho.Segment", 9, "Initial virtual memory protection applied at load time."),
("macho.Segment", 10, "Number of sections contained inside the segment."),
("macho.Segment", 11, "Bitwise flags controlling segment properties."),
("macho.Segment", 12, "Array of sections nested within the segment."),
("macho.Symtab", 1, "Physical offset to the start of the symbol table."),
("macho.Symtab", 2, "Count of total symbols stored."),
("macho.Symtab", 3, "Physical offset to the string table data."),
("macho.Symtab", 4, "Size in bytes of the string table."),
("macho.Symtab", 5, "Individual entries stored in the table."),
("macho.Symtab", 6, "Descriptive nlist entries for symbols."),
("pe.Certificate", 1, "Issuer of this individual certificate."),
("pe.Certificate", 2, "Intended subject of this certificate."),
("pe.Certificate", 3, "Thumbprint identifying the certificate."),
("pe.Certificate", 4, "Internal format version of the certificate."),
("pe.Certificate", 5, "Public key cryptographic algorithm string."),
("pe.Certificate", 6, "Public key cryptographic algorithm OID."),
("pe.Certificate", 7, "Unique serial number of the certificate."),
("pe.Certificate", 8, "Start date of the certificate validity period."),
("pe.Certificate", 9, "End date of the certificate validity period."),
("pe.CounterSignature", 1, "True if the countersignature successfully verified."),
("pe.CounterSignature", 2, "Unix timestamp indicating when the signature was countersigned."),
("pe.CounterSignature", 3, "Algorithm used to compute the countersignature digest."),
("pe.CounterSignature", 4, "Certificate chain associated with the countersigning entity."),
("pe.CounterSignature", 12, "Hash digest of the countersignature payload."),
("pe.DirEntry", 1, "Relative virtual address of the data directory structure."),
("pe.DirEntry", 2, "Size in bytes of the data directory structure."),
("pe.Export", 1, "Name of the exported function."),
("pe.Export", 2, "Ordinal index of the exported function."),
("pe.Export", 3, "Relative virtual address (RVA) pointing to the exported function."),
("pe.Export", 4, "Physical file offset of the exported function."),
("pe.Export", 5, "Forwarder string, if the export resolves to a function in another library."),
("pe.Function", 1, "Name of the imported function."),
("pe.Function", 2, "Ordinal index of the function."),
("pe.Function", 3, "Relative virtual address (RVA) or offset pointing to the function import thunk."),
("pe.Import", 1, "Target library filename (e.g., \"kernel32.dll\")."),
("pe.Import", 2, "Total count of functions imported from this library."),
("pe.Import", 3, "Individual functions imported from the library."),
("pe.KeyValue", 1, "Key identifying the entry."),
("pe.KeyValue", 2, "String value associated with the key."),
("pe.Overlay", 1, "File offset marking the start of the appended overlay content."),
("pe.Overlay", 2, "Total size in bytes of the overlay data."),
("pe.PE", 1, "True if the file is a valid PE binary."),
("pe.PE", 2, "Target architecture of the executable (e.g., x86, x64, ARM)."),
("pe.PE", 3, "Subsystem required to run this binary (e.g., GUI, CUI)."),
("pe.PE", 4, "Minimum operating system version required to run the binary."),
("pe.PE", 5, "Minimum subsystem version required to run the binary."),
("pe.PE", 6, "User-defined version of the binary image."),
("pe.PE", 7, "Version of the linker used to generate the binary."),
("pe.PE", 8, "Magic number used to identify the optional header structure."),
("pe.PE", 9, "Bitwise flags indicating attributes of the file (e.g., executable, DLL)."),
("pe.PE", 10, "Bitwise flags indicating DLL characteristics (e.g., ASLR, DEP)."),
("pe.PE", 11, "Creation timestamp of the image, stored as a Unix epoch time."),
("pe.PE", 12, "Preferred load address of the image when placed in memory."),
("pe.PE", 13, "Checksum of the image file."),
("pe.PE", 14, "Relative virtual address (RVA) of the beginning of the code section."),
("pe.PE", 15, "Relative virtual address (RVA) of the beginning of the data section."),
("pe.PE", 16, "Entry point as a file offset."),
("pe.PE", 17, "Entry point as it appears in the PE header (RVA)."),
("pe.PE", 18, "Filename of the dynamic-link library, if the image is a DLL."),
("pe.PE", 19, "Export table timestamp, stored as a Unix epoch time."),
("pe.PE", 20, "Alignment factor used for sections loaded in memory (usually 4096 bytes)."),
("pe.PE", 21, "Alignment factor used for raw section data on disk (usually 512 bytes)."),
("pe.PE", 22, "Flags used by obsolete loaders."),
("pe.PE", 23, "Size of the optional header structure in bytes."),
("pe.PE", 24, "Total size of all sections containing executable code."),
("pe.PE", 25, "Total size of all sections containing initialized data."),
("pe.PE", 26, "Total size of all sections containing uninitialized data (BSS)."),
("pe.PE", 27, "Overall size of the image loaded in memory, including all headers."),
("pe.PE", 28, "Combined size of all headers up to the first section."),
("pe.PE", 29, "Total amount of virtual memory reserved for the stack."),
("pe.PE", 30, "Initial amount of physical memory committed for the stack."),
("pe.PE", 31, "Total amount of virtual memory reserved for the default heap."),
("pe.PE", 32, "Initial amount of physical memory committed for the default heap."),
("pe.PE", 33, "File offset pointing to the COFF symbol table."),
("pe.PE", 34, "Reserved field, must be set to zero."),
("pe.PE", 35, "Number of entries found in the COFF symbol table."),
("pe.PE", 36, "Number of entries present in the data directories array."),
("pe.PE", 37, "Number of sections in the PE file."),
("pe.PE", 38, "Number of imported functions across all imported libraries."),
("pe.PE", 39, "Number of delayed imported functions across all delayed libraries."),
("pe.PE", 40, "Number of resources contained within the file."),
("pe.PE", 41, "Number of string-value pairs within the version info resource."),
("pe.PE", 42, "Number of imported libraries."),
("pe.PE", 43, "Number of delayed imported libraries."),
("pe.PE", 44, "Number of exported symbols."),
("pe.PE", 45, "Number of digital signatures found in the file."),
("pe.PE", 46, "Map representation of file version information attributes."),
("pe.PE", 47, "List containing version information attributes as key-value elements."),
("pe.PE", 48, "Rich header signature containing toolchain usage information."),
("pe.PE", 49, "File path referencing the associated PDB symbol file."),
("pe.PE", 50, "Collection of sections making up the binary."),
("pe.PE", 51, "Standard data directories array (e.g., Imports, Exports, Resources)."),
("pe.PE", 52, "Unix epoch timestamp of the resource directory."),
("pe.PE", 53, "Version structure for the resource directory."),
("pe.PE", 54, "Individual resources defined within the binary."),
("pe.PE", 55, "Standard library and function import descriptions."),
("pe.PE", 56, "Delayed library and function import descriptions."),
("pe.PE", 57, "Exported functions and symbol descriptions."),
("pe.PE", 58, "True if the executable contains a recognized digital signature."),
("pe.PE", 59, "Set of digital signatures extracted from the file."),
("pe.PE", 60, "Information regarding trailing data not mapped by sections."),
("pe.Resource", 1, "Size of the resource content in bytes."),
("pe.Resource", 2, "Relative virtual address (RVA) of the resource data."),
("pe.Resource", 3, "File offset pointing to the resource data."),
("pe.Resource", 4, "Standard resource type classification (e.g., ICON, VERSION)."),
("pe.Resource", 5, "Unique numeric identifier of the resource."),
("pe.Resource", 6, "Language code assigned to the resource."),
("pe.Resource", 7, "Text representation of the resource type for custom classifications."),
("pe.Resource", 8, "Text representation of the resource name."),
("pe.Resource", 9, "Text representation of the resource language."),
("pe.RichSignature", 1, "Relative file offset marking the start of the Rich signature."),
("pe.RichSignature", 2, "Total length in bytes of the Rich signature block."),
("pe.RichSignature", 3, "Numerical XOR key utilized to decrypt the Rich signature."),
("pe.RichSignature", 4, "Obfuscated binary bytes of the Rich signature."),
("pe.RichSignature", 5, "Cleartext decrypted bytes of the Rich signature."),
("pe.RichSignature", 6, "Individual tools and build utilities referenced in the signature."),
("pe.RichTool", 1, "Identifier corresponding to the compilation tool."),
("pe.RichTool", 2, "Internal version of the tool."),
("pe.RichTool", 3, "Number of times the tool was invoked to build objects in the final binary."),
("pe.Section", 1, "Section name as listed in the section table. The data type is `bytes`
instead of `string` so that it can accommodate invalid UTF-8 content. The
length is 8 bytes at most."),
("pe.Section", 2, "For section names longer than 8 bytes, the name in the section table (and
in the `name` field) contains a forward slash (/) followed by an ASCII
representation of a decimal number that is an offset into the string table.
(examples: \"/4\", \"/123\") This mechanism is described in the MSDN and used
by GNU compilers.
When this scenario occurs, the `full_name` field holds the actual section
name. In all other cases, it simply duplicates the content of the `name`
field.
See: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_section_header#members"),
("pe.Section", 3, "Characteristics and access attributes of the section."),
("pe.Section", 4, "Physical size of the section stored on disk."),
("pe.Section", 5, "File offset to the section data on disk."),
("pe.Section", 6, "Virtual address of the section loaded in memory, relative to the image base."),
("pe.Section", 7, "Total virtual size occupied by the section in memory."),
("pe.Section", 8, "File pointer referencing the section's relocation entries."),
("pe.Section", 9, "File pointer referencing the section's line-number entries."),
("pe.Section", 10, "Total count of relocation records for the section."),
("pe.Section", 11, "Total count of line-number records for the section."),
("pe.Signature", 1, "Subject name specified in the certificate."),
("pe.Signature", 2, "Issuer name specified in the certificate."),
("pe.Signature", 3, "Unique thumbprint value of the certificate."),
("pe.Signature", 4, "Internal version format of the digital signature."),
("pe.Signature", 5, "Public key algorithm identifier string."),
("pe.Signature", 6, "OID value representing the public key algorithm."),
("pe.Signature", 7, "Serial number of the certificate."),
("pe.Signature", 8, "Unix timestamp representing the start of the validity window."),
("pe.Signature", 9, "Unix timestamp representing the end of the validity window."),
("pe.Signature", 10, "True if the cryptographic verification of the signature succeeded."),
("pe.Signature", 11, "Digest algorithm utilized in the signature process."),
("pe.Signature", 12, "Content digest generated by the signer."),
("pe.Signature", 13, "Digest computed directly from the binary payload."),
("pe.Signature", 14, "Number of certificates embedded in the signature chain."),
("pe.Signature", 15, "Number of countersignatures associated with this signature."),
("pe.Signature", 16, "Details regarding the primary signer entity."),
("pe.Signature", 17, "Certificates making up the signing chain."),
("pe.Signature", 18, "Countersignatures validating the time and source of the primary signature."),
("pe.SignerInfo", 1, "Program description extracted from the SpcSpOpusInfo block."),
("pe.SignerInfo", 2, "URL containing supplemental details about the software."),
("pe.SignerInfo", 3, "Hash digest calculated by the primary signer."),
("pe.SignerInfo", 4, "Algorithm used to generate the signer digest."),
("pe.SignerInfo", 5, "Certificate chain validating the signer."),
("pe.Version", 1, "Major version number."),
("pe.Version", 2, "Minor version number."),
("test_proto2.TestProto2", 350, "This field will be visible in YARA as `bool_yara` instead of `bool_proto`."),
("test_proto2.TestProto2", 351, "This field won't be visible to YARA."),
("test_proto2.TestProto2", 500, "This field is accessible only if the features \"foo\" (or \"FOO\") and \"bar\"
are enabled while compiling the YARA rules."),
("test_proto2.TestProto2", 502, "The metadata received by the module is copied into this field."),
];