PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Namespaces | Functions | Variables
artefacts_util.cpp File Reference
#include "artefacts_util.h"
#include <peconv.h>
#include "code_patterns.h"

Go to the source code of this file.

Namespaces

namespace  pesieve
 

Functions

size_t pesieve::init_32_patterns (Node *rootN)
 
size_t pesieve::init_64_patterns (Node *rootN)
 
size_t pesieve::search_till_pattern (sig_finder::Node &rootN, const BYTE *loadedData, size_t loadedSize)
 

Variables

std::set< DWORD > pesieve::HardcodedPatterns
 
sig_finder::Node mainMatcher
 

Variable Documentation

◆ mainMatcher

sig_finder::Node mainMatcher

Definition at line 141 of file artefacts_util.cpp.

Generated by doxygen 1.10.0