PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
artefact_scanner.h File Reference

```cpp
#include <windows.h>
#include <psapi.h>
#include <map>
#include <peconv.h>
#include "module_scan_report.h"
#include "workingset_scanner.h"
#include "../utils/process_util.h"
#include "process_details.h"
```
Classes

| Kind | Name | Description |
|---|---|---|
| class | pesieve::PeArtefacts | A report about the PE artefact detected in the working set. |
| class | pesieve::ArtefactScanReport | A report from the artefacts scan, generated by ArtefactScanner. |
| class | pesieve::ArtefactScanner | A scanner for detection of artefacts related to PE implants in the process working set. |
| class | pesieve::ArtefactScanner::ArtefactsMapping | |

Namespaces

| Kind | Name |
|---|---|
| namespace | pesieve |

Macros

| Macro | Value |
|---|---|
| INVALID_OFFSET | (-1) |
| PE_NOT_FOUND | 0 |

Functions

| Return type | Signature |
|---|---|
| bool | pesieve::is_valid_file_hdr (BYTE *loadedData, size_t loadedSize, BYTE *hdr_ptr, DWORD charact) |
| bool | pesieve::is_valid_section (BYTE *loadedData, size_t loadedSize, BYTE *hdr_ptr, DWORD charact) |
Macro Definition Documentation

`#define INVALID_OFFSET (-1)`

Definition at line 13 of file artefact_scanner.h.

`#define PE_NOT_FOUND 0`

Definition at line 14 of file artefact_scanner.h.