hollows_hunter/hh__scanner_8h_source.html

#pragma once


#include <windows.h>

#include <psapi.h>

#pragma comment(lib,"psapi.lib")


#include <string>

#include <vector>

#include <set>


#include "hh_params.h"

#include "hh_report.h"


typedef enum single_status {

    SSCAN_ERROR1 = (-2),

    SSCAN_ERROR0 = (-1),

    SSCAN_NOT_MATCH = 0,

    SSCAN_IGNORED = 1,

    SSCAN_SUCCESS = 2,

    SSCAN_READY = 3

} t_single_scan_status;


class HHScanner {

public:

    // is the scanner best suited for the OS bitness

    static bool isScannerCompatibile();

    static t_single_scan_status shouldScanProcess(const hh_params& hh_args, const time_t hh_initTime, const DWORD pid, const WCHAR* exe_file);


    HHScanner(t_hh_params& _args, time_t _initTime = 0);


    HHScanReport* scan();

    bool writeToLog(HHScanReport* hh_report);

    void summarizeScan(HHScanReport* hh_report, const pesieve::t_results_filter rfilter);


protected:

    void printScanRoundStats(size_t found, size_t ignored_count, size_t not_matched_count);

    size_t scanProcesses(HHScanReport &my_report);

    void printSingleReport(pesieve::t_report& report);


    t_single_scan_status scanNextProcess(DWORD pid, WCHAR* image_buf, HHScanReport &report);

    void initOutDir(time_t scan_time, pesieve::t_params &pesieve_args);


    t_hh_params &hh_args;

    std::string outDir;


    // time when HollowsHunter was initialized

    time_t initTime;

    bool isScannerWow64;

};


// Global arguments

extern t_hh_params g_hh_args;

HHScanReport
Definition hh_report.h:13

HHScanner
Definition hh_scanner.h:24

HHScanner::printScanRoundStats
void printScanRoundStats(size_t found, size_t ignored_count, size_t not_matched_count)
Definition hh_scanner.cpp:154

HHScanner::writeToLog
bool writeToLog(HHScanReport *hh_report)
Definition hh_scanner.cpp:348

HHScanner::outDir
std::string outDir
Definition hh_scanner.h:45

HHScanner::summarizeScan
void summarizeScan(HHScanReport *hh_report, const pesieve::t_results_filter rfilter)
Definition hh_scanner.cpp:362

HHScanner::scanNextProcess
t_single_scan_status scanNextProcess(DWORD pid, WCHAR *image_buf, HHScanReport &report)
Definition hh_scanner.cpp:303

HHScanner::isScannerWow64
bool isScannerWow64
Definition hh_scanner.h:49

HHScanner::shouldScanProcess
static t_single_scan_status shouldScanProcess(const hh_params &hh_args, const time_t hh_initTime, const DWORD pid, const WCHAR *exe_file)
Definition hh_scanner.cpp:271

HHScanner::scanProcesses
size_t scanProcesses(HHScanReport &my_report)
Definition hh_scanner.cpp:186

HHScanner::initTime
time_t initTime
Definition hh_scanner.h:48

HHScanner::hh_args
t_hh_params & hh_args
Definition hh_scanner.h:44

HHScanner::scan
HHScanReport * scan()
Definition hh_scanner.cpp:335

HHScanner::initOutDir
void initOutDir(time_t scan_time, pesieve::t_params &pesieve_args)
Definition hh_scanner.cpp:141

HHScanner::HHScanner
HHScanner(t_hh_params &_args, time_t _initTime=0)
Definition hh_scanner.cpp:122

HHScanner::isScannerCompatibile
static bool isScannerCompatibile()
Definition hh_scanner.cpp:131

HHScanner::printSingleReport
void printSingleReport(pesieve::t_report &report)
Definition hh_scanner.cpp:229

hh_params.h

hh_report.h

g_hh_args
t_hh_params g_hh_args
Definition main.cpp:29

single_status
single_status
Definition hh_scanner.h:15

SSCAN_NOT_MATCH
@ SSCAN_NOT_MATCH
Definition hh_scanner.h:18

SSCAN_IGNORED
@ SSCAN_IGNORED
Definition hh_scanner.h:19

SSCAN_READY
@ SSCAN_READY
Definition hh_scanner.h:21

SSCAN_ERROR1
@ SSCAN_ERROR1
Definition hh_scanner.h:16

SSCAN_ERROR0
@ SSCAN_ERROR0
Definition hh_scanner.h:17

SSCAN_SUCCESS
@ SSCAN_SUCCESS
Definition hh_scanner.h:20

t_single_scan_status
enum single_status t_single_scan_status

hh_params
Definition hh_params.h:20