HollowsHunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
process_util Namespace Reference

Functions

bool is_wow_64 (HANDLE process)
 
bool is_wow_64_by_pid (DWORD processID)
 
bool get_process_path (DWORD processID, WCHAR *szProcessName, size_t processNameSize)
 
size_t suspend_suspicious (std::vector< DWORD > &suspicious_pids)
 
size_t kill_suspicious (std::vector< DWORD > &suspicious_pids)
 

Function Documentation

◆ get_process_path()

bool process_util::get_process_path ( DWORD processID, WCHAR * szProcessName, size_t processNameSize )
inline

Definition at line 42 of file process_util.h.

◆ is_wow_64()

bool process_util::is_wow_64 ( HANDLE process)
inline

Definition at line 10 of file process_util.h.

◆ is_wow_64_by_pid()

bool process_util::is_wow_64_by_pid ( DWORD processID)
inline

Definition at line 31 of file process_util.h.

◆ kill_suspicious()

size_t process_util::kill_suspicious ( std::vector< DWORD > & suspicious_pids)
inline

Definition at line 74 of file process_util.h.

◆ suspend_suspicious()

size_t process_util::suspend_suspicious ( std::vector< DWORD > & suspicious_pids)
inline

Definition at line 61 of file process_util.h.
