pesieve::ArtefactScanReport Class Reference

A report from the artefacts scan, generated by ArtefactScanner. More...

#include <artefact_scanner.h>

Inheritance diagram for pesieve::ArtefactScanReport:

Public Member Functions
	ArtefactScanReport (HMODULE _module, size_t _moduleSize, t_scan_status status, PeArtefacts &peArt)
virtual const void	fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
virtual const bool	toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
Public Member Functions inherited from pesieve::WorkingSetScanReport
	WorkingSetScanReport (HMODULE _module, size_t _moduleSize, t_scan_status status)
size_t	generateTags (const std::string &reportPath)
Public Member Functions inherited from pesieve::ModuleScanReport
	ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS)
virtual	~ModuleScanReport ()
virtual ULONGLONG	getRelocBase ()

Public Attributes
PeArtefacts	artefacts
size_t	initialRegionSize
Public Attributes inherited from pesieve::WorkingSetScanReport
bool	is_executable
bool	is_listed_module
bool	has_pe
bool	has_shellcode
util::ByteBuffer	data_cache
std::vector< sig_finder::Match >	custom_matched
size_t	all_matched_count
size_t	match_area_start
AreaMultiStats	stats
AreaInfo	area_info
DWORD	protection
DWORD	mapping_type
std::string	mapped_name
Public Attributes inherited from pesieve::ModuleScanReport
HMODULE	module
size_t	moduleSize
bool	isDotNetModule
std::string	moduleFile
ULONGLONG	origBase
ULONGLONG	relocBase
t_scan_status	status

Additional Inherited Members
Static Public Member Functions inherited from pesieve::ModuleScanReport
static t_scan_status	get_scan_status (const ModuleScanReport *report)
Static Public Attributes inherited from pesieve::ModuleScanReport
static const size_t	JSON_LEVEL = 1
Protected Member Functions inherited from pesieve::WorkingSetScanReport
const void	patternsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
Protected Member Functions inherited from pesieve::ModuleScanReport
virtual const bool	_toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC)
Static Protected Member Functions inherited from pesieve::WorkingSetScanReport
static std::string	translate_mapping_type (DWORD type)

Detailed Description

A report from the artefacts scan, generated by ArtefactScanner.

Definition at line 117 of file artefact_scanner.h.

Constructor & Destructor Documentation

ArtefactScanReport()

pesieve::ArtefactScanReport::ArtefactScanReport ( HMODULE _module, size_t _moduleSize, t_scan_status status, PeArtefacts & peArt )

inline

Definition at line 120 of file artefact_scanner.h.

Member Function Documentation

fieldsToJSON()

virtual const void pesieve::ArtefactScanReport::fieldsToJSON ( std::stringstream & outs, size_t level, const pesieve::t_json_level & jdetails )

inlinevirtual

Reimplemented from pesieve::WorkingSetScanReport.

Definition at line 136 of file artefact_scanner.h.

Here is the call graph for this function:

toJSON()

virtual const bool pesieve::ArtefactScanReport::toJSON ( std::stringstream & outs, size_t level, const pesieve::t_json_level & jdetails )

inlinevirtual

Reimplemented from pesieve::WorkingSetScanReport.

Definition at line 143 of file artefact_scanner.h.

Here is the call graph for this function:

Member Data Documentation

artefacts

PeArtefacts pesieve::ArtefactScanReport::artefacts

Definition at line 152 of file artefact_scanner.h.

initialRegionSize

size_t pesieve::ArtefactScanReport::initialRegionSize

Definition at line 153 of file artefact_scanner.h.

---

The documentation for this class was generated from the following file:

• scanners/artefact_scanner.h