https://ontology.unifiedcyberontology.org/uco/observable/WindowsPEOptionalHeader
A Windows PE optional header is a grouping of characteristics unique to the 'optional header' of a Windows PE (Portable Executable) file, consisting of a collection of metadata about the executable code structure of the file.
Instances of observable:WindowsPEOptionalHeader can have the following properties:
| PROPERTY | TYPE | DESCRIPTION | RANGE |
|---|---|---|---|
| From class owl:Thing | |||
| core:informalType | owl:DatatypeProperty | Informal Type serves as a parent property for string-valued properties meant to describe a type without implementing a class design. This property hierarchy supports a balancing point between semantic specificity and operational agility. The known benefits of describing types rather than implementing them include swift extensibility of some existing, or possibly non-existing, subclass hierarchy in UCO without requiring training in ontological development, taxonomic specification, or OWL, SHACL, or RDF maintenance logistics. The known detractions of using string-literals for type descriptions include that used vocabularies may require careful maintenance among data-sharing parties; that vocabularies require independent logistics (external to UCO) for providing definitions (i.e., dictionary-style semantics) to string-literals chosen; and that string-literals cannot by themselves encode hierarchical structure or entailments, such as the informal device type string 'ExamplePhone 8 P4321' entailing 'ExamplePhone 8', 'ExamplePhone', or 'ExamplePhone models discontinued in 2020'. Usage of Informal Type to house strings should be weighed against usage of classes when classes are available, and should periodically be reviewed for potential additions to UCO's class hierarchy or downstream extensions thereof. | owl:Thing |
| types:threadNextItem | owl:ObjectProperty | The link to a next item in a thread. | owl:Thing |
| types:threadPreviousItem | owl:ObjectProperty | A direct link to a previous item in a thread. | owl:Thing |
By the associated SHACL property shapes, instances of observable:WindowsPEOptionalHeader can have the following properties:
PROPERTY |
PROPERTY TYPE |
DESCRIPTION |
MIN COUNT |
MAX COUNT |
LOCAL RANGE |
GLOBAL RANGE |
|
|---|---|---|---|---|---|---|---|
| observable:WindowsPEOptionalHeader | |||||||
| observable:addressOfEntryPoint | owl:DatatypeProperty |
Specifies the address of the entry point relative to the image base when the executable is loaded into memory.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:baseOfCode | owl:DatatypeProperty |
Specifies the address that is relative to the image base of the beginning-of-code section when it is loaded into memory.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:checksum | owl:DatatypeProperty |
Specifies the checksum of the PE binary.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:dllCharacteristics | owl:DatatypeProperty |
Specifies the flags that characterize the PE binary.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:fileAlignment | owl:DatatypeProperty |
Specifies the factor (in bytes) that is used to align the raw data of sections in the image file.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:imageBase | owl:DatatypeProperty |
Specifies the address that is relative to the image base of the beginning-of-data section when it is loaded into memory.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:loaderFlags | owl:DatatypeProperty |
Specifies the reserved loader flags
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:magic | owl:DatatypeProperty |
Specifies the value that indicates the type of the PE binary.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:majorImageVersion | owl:DatatypeProperty |
Specifies the major version number of the image.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:majorLinkerVersion | owl:DatatypeProperty |
Specifies the linker major version number.
|
xsd:byte
|
xsd:byte
|
|||
| observable:majorOSVersion | owl:DatatypeProperty |
Specifies the major version number of the required operating system.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:majorSubsystemVersion | owl:DatatypeProperty |
Specifies the major version number of the subsystem.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:minorImageVersion | owl:DatatypeProperty |
Specifies the minor version number of the image.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:minorLinkerVersion | owl:DatatypeProperty |
Specifies the linker minor version number.
|
xsd:byte
|
xsd:byte
|
|||
| observable:minorOSVersion | owl:DatatypeProperty |
Specifies the minor version number of the required operating system.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:minorSubsystemVersion | owl:DatatypeProperty |
Specifies the minor version number of the subsystem.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:numberOfRVAAndSizes | owl:DatatypeProperty |
Specifies the number of data-directory entries in the remainder of the optional header.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sectionAlignment | owl:DatatypeProperty |
Specifies the alignment (in bytes) of PE sections when they are loaded into memory.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfCode | owl:DatatypeProperty |
Specifies the size of the code (text) section. If there are multiple such sections, this refers to the sum of the sizes of each section.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfHeaders | owl:DatatypeProperty |
Specifies the combined size of the MS-DOS, PE header, and section headers, rounded up a multiple of the value specified in the file_alignment header.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfHeapCommit | owl:DatatypeProperty |
Specifies the size of the local heap space to commit.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfHeapReserve | owl:DatatypeProperty |
Specifies the size of the local heap space to reserve.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfImage | owl:DatatypeProperty |
Specifies the size, in bytes, of the image, including all headers, as the image is loaded in memory.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfInitializedData | owl:DatatypeProperty |
Specifies the size of the initialized data section. If there are multiple such sections, this refers to the sum of the sizes of each section.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfStackCommit | owl:DatatypeProperty |
Specifies the size of the stack to commit.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfStackReserve | owl:DatatypeProperty |
Specifies the size of the stack to reserve.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:sizeOfUninitializedData | owl:DatatypeProperty |
Specifies the size of the uninitialized data section. If there are multiple such sections, this refers to the sum of the sizes of each section.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
| observable:subsystem | owl:DatatypeProperty |
Specifies the subsystem (e.g., GUI, device driver, etc.) that is required to run this image.
|
xsd:unsignedShort
|
xsd:unsignedShort
|
|||
| observable:win32VersionValue | owl:DatatypeProperty |
Specifies the reserved win32 version value.
|
xsd:unsignedInt
|
xsd:unsignedInt
|
|||
@prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
observable:WindowsPEOptionalHeader a owl:Class,
sh:NodeShape ;
rdfs:label "WindowsPEOptionalHeader"@en ;
rdfs:comment "A Windows PE optional header is a grouping of characteristics unique to the 'optional header' of a Windows PE (Portable Executable) file, consisting of a collection of metadata about the executable code structure of the file."@en ;
rdfs:subClassOf core:UcoInherentCharacterizationThing ;
sh:property [ sh:datatype xsd:byte ;
sh:nodeKind sh:Literal ;
sh:path observable:majorLinkerVersion ],
[ sh:datatype xsd:byte ;
sh:nodeKind sh:Literal ;
sh:path observable:minorLinkerVersion ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:addressOfEntryPoint ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:baseOfCode ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:checksum ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:fileAlignment ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:imageBase ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:loaderFlags ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:numberOfRVAAndSizes ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sectionAlignment ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfCode ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfHeaders ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfHeapCommit ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfHeapReserve ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfImage ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfInitializedData ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfStackCommit ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfStackReserve ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfUninitializedData ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:win32VersionValue ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:dllCharacteristics ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:magic ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:majorImageVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:majorOSVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:majorSubsystemVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:minorImageVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:minorOSVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:minorSubsystemVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:subsystem ] ;
sh:targetClass observable:WindowsPEOptionalHeader .