PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
#include <dbg_help_wrapper.h>
Static Public Member Functions
| static bool | InitializeProcess (HANDLE hProcess, const std::string &symbolPath, DWORD symOptions) |
| static bool | CleanupProcess (HANDLE hProcess) |
| static bool | RefreshModuleList (HANDLE hProcess) |
| static bool | RunStackWalk64 (_In_ DWORD MachineType, _In_ HANDLE hProcess, _In_ HANDLE hThread, _Inout_ LPSTACKFRAME64 StackFrame, _Inout_ PVOID ContextRecord, _In_opt_ PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine, _In_opt_ PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine, _In_opt_ PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine, _In_opt_ PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress) |
| static bool | FromAddress (HANDLE hProcess, DWORD64 address, PSYMBOL_INFO symbol, DWORD64 *displacement) |
| static bool | GetModuleInfo (HANDLE hProcess, DWORD64 address, IMAGEHLP_MODULE64 *moduleInfo) |
| static DWORD | GetLastErrorForProcess (HANDLE hProcess) |
Definition at line 12 of file dbg_help_wrapper.h.
inline static
Definition at line 44 of file dbg_help_wrapper.h.
inline static
Definition at line 100 of file dbg_help_wrapper.h.
inline static
Definition at line 120 of file dbg_help_wrapper.h.
inline static
Definition at line 109 of file dbg_help_wrapper.h.
inline static
Definition at line 16 of file dbg_help_wrapper.h.
inline static
Definition at line 71 of file dbg_help_wrapper.h.
inline static
Definition at line 81 of file dbg_help_wrapper.h.