Structural Enhancements & Future Refinements (Roadmap Issue)
This issue tracks non‑urgent, optional improvements identified during the v0.7.3 validator and heuristics review.
These items are not required for correctness or determinism, but represent opportunities for deeper structural analysis, improved anomaly detection, or future heuristic expansion.
1. Entropy Validator Enhancements
- Low‑entropy overlay detection
- Revisit low‑entropy section threshold
- Include small sections in uniformity entropy
- Entropy for individual resource entries
2. Entrypoint Validator Enhancements
- Refine non‑exec EP double‑flagging
- Add RWX entrypoint detection
- Detect EP inside virtual padding
- EP → import table correlation
3. Optional Header Validator Enhancements
- Refine SizeOfHeaders alignment logic
- Detect excessive SizeOfImage padding
- Handle virtual‑only sections in size fields
- Detect SizeOfHeaders > SizeOfImage
- Detect ImageBase overflow
4. Resources Validator Enhancements
- Add zero‑size resource data reason code
- Resource directory alignment checks
- Resource type ordering validation
- Detect duplicate resource entries
- Deep string table validation
5. RVA Graph Validator Enhancements
- Improve raw mapping safety
- Add zero‑length directory reason
- Directory RVA alignment checks
- Directory ordering validation
- Directory raw‑mapping consistency
6. Sections Validator Enhancements
- Group RWX + discardable + impossible flags
- Distinguish null vs whitespace section names
- Detect virtual‑only zero‑length sections
- Preserve raw section name
7. Signature Validator Enhancements
- Certificate alignment checks
- Certificate length alignment
- dwLength consistency validation
- Detect certificate overlap
- Security directory consistency
8. TLS Validator Enhancements
- Validate TLS directory RVA mapping
- Validate all TLS directories
- Clarify TLS RVA vs VA semantics
- TLS directory alignment checks
9. Heuristics Layer Enhancements
- Unify RWX structural + heuristic signals
- Add overlay entropy packer heuristics
- Expand subsystem‑DLL heuristics
- Weight import anomalies
10. Cross‑Validator Opportunities
- Correlate entrypoint and TLS callbacks
- Correlate entropy and section flags
- Score directory/section overlap severity
Status
These enhancements are not required for correctness or determinism in v0.7.3.
They represent future‑safe improvements that can be implemented incrementally without breaking the deterministic contract.