hollows_hunter/hh__params_8h_source.html

#pragma once


#include <pe_sieve_api.h>

#include <string>

#include <set>


#define TIME_UNDEFINED LONGLONG(-1)

#define HH_DEFAULT_DIR "hollows_hunter.dumps"


typedef enum {

    CACHE_DISABLED = 0,

    CACHE_AUTO,

    CACHE_ENABLED,

    CACHE_MODES_COUNT

} t_cache_mode;


//HollowsHunter's parameters:


typedef struct hh_params

{

public:

    std::string out_dir;

    bool unique_dir;

    bool loop_scanning;

    bool etw_scan;

    bool suspend_suspicious;

    bool kill_suspicious;

    bool quiet;

    bool log;

    bool json_output;

    LONGLONG ptimes;

    t_cache_mode cache_mode;

    std::set<std::wstring> names_list;

    std::set<long> pids_list;

    std::set<std::wstring> ignored_names_list;

    pesieve::t_params pesieve_args; //PE-sieve parameters


    void init();

    hh_params& operator=(const hh_params& other);


} t_hh_params;


t_hh_params
struct hh_params t_hh_params

t_cache_mode
t_cache_mode
Definition hh_params.h:11

CACHE_AUTO
@ CACHE_AUTO
autodetect if cache should be enabled
Definition hh_params.h:13

CACHE_ENABLED
@ CACHE_ENABLED
cache always enabled
Definition hh_params.h:14

CACHE_DISABLED
@ CACHE_DISABLED
cache always disabled
Definition hh_params.h:12

CACHE_MODES_COUNT
@ CACHE_MODES_COUNT
Definition hh_params.h:15

hh_params
Definition hh_params.h:20

hh_params::operator=
hh_params & operator=(const hh_params &other)
Definition hh_params.cpp:27

hh_params::init
void init()
Definition hh_params.cpp:3

hh_params::pids_list
std::set< long > pids_list
Definition hh_params.h:34

hh_params::log
bool log
Definition hh_params.h:29

hh_params::json_output
bool json_output
Definition hh_params.h:30

hh_params::kill_suspicious
bool kill_suspicious
Definition hh_params.h:27

hh_params::ignored_names_list
std::set< std::wstring > ignored_names_list
Definition hh_params.h:35

hh_params::pesieve_args
pesieve::t_params pesieve_args
Definition hh_params.h:36

hh_params::out_dir
std::string out_dir
Definition hh_params.h:22

hh_params::etw_scan
bool etw_scan
Definition hh_params.h:25

hh_params::quiet
bool quiet
Definition hh_params.h:28

hh_params::names_list
std::set< std::wstring > names_list
Definition hh_params.h:33

hh_params::cache_mode
t_cache_mode cache_mode
Definition hh_params.h:32

hh_params::loop_scanning
bool loop_scanning
Definition hh_params.h:24

hh_params::suspend_suspicious
bool suspend_suspicious
Definition hh_params.h:26

hh_params::unique_dir
bool unique_dir
Definition hh_params.h:23

hh_params::ptimes
LONGLONG ptimes
Definition hh_params.h:31