PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::ArtefactScanner::ArtefactsMapping Class Reference

#include <artefact_scanner.h>

Public Member Functions

 ArtefactsMapping (MemPageData &_memPage, bool _is64bit)
 
bool foundAny ()
 
size_t getScore () const
 
bool operator< (const ArtefactsMapping &map2) const
 
ArtefactsMapping & operator= (const ArtefactsMapping &other)
 

Public Attributes

MemPageData & memPage
 
ULONGLONG pe_image_base
 
IMAGE_DOS_HEADER * dos_hdr
 
IMAGE_FILE_HEADER * nt_file_hdr
 
IMAGE_SECTION_HEADER * sec_hdr
 
size_t sec_count
 
bool isMzPeFound
 
bool is64bit
 

Detailed Description

Definition at line 178 of file artefact_scanner.h.

Constructor & Destructor Documentation

◆ ArtefactsMapping()

pesieve::ArtefactScanner::ArtefactsMapping::ArtefactsMapping ( MemPageData & _memPage, bool _is64bit )
inline

Definition at line 181 of file artefact_scanner.h.

Member Function Documentation

◆ foundAny()

bool pesieve::ArtefactScanner::ArtefactsMapping::foundAny ( )
inline

Definition at line 193 of file artefact_scanner.h.

◆ getScore()

size_t pesieve::ArtefactScanner::ArtefactsMapping::getScore ( ) const
inline

Definition at line 201 of file artefact_scanner.h.

◆ operator<()

bool pesieve::ArtefactScanner::ArtefactsMapping::operator< ( const ArtefactsMapping & map2) const
inline

Definition at line 213 of file artefact_scanner.h.

◆ operator=()

ArtefactsMapping & pesieve::ArtefactScanner::ArtefactsMapping::operator= ( const ArtefactsMapping & other)
inline

Definition at line 217 of file artefact_scanner.h.

Member Data Documentation

◆ dos_hdr

IMAGE_DOS_HEADER* pesieve::ArtefactScanner::ArtefactsMapping::dos_hdr

Definition at line 230 of file artefact_scanner.h.

◆ is64bit

bool pesieve::ArtefactScanner::ArtefactsMapping::is64bit

Definition at line 235 of file artefact_scanner.h.

◆ isMzPeFound

bool pesieve::ArtefactScanner::ArtefactsMapping::isMzPeFound

Definition at line 234 of file artefact_scanner.h.

◆ memPage

MemPageData& pesieve::ArtefactScanner::ArtefactsMapping::memPage

Definition at line 228 of file artefact_scanner.h.

◆ nt_file_hdr

IMAGE_FILE_HEADER* pesieve::ArtefactScanner::ArtefactsMapping::nt_file_hdr

Definition at line 231 of file artefact_scanner.h.

◆ pe_image_base

ULONGLONG pesieve::ArtefactScanner::ArtefactsMapping::pe_image_base

Definition at line 229 of file artefact_scanner.h.

◆ sec_count

size_t pesieve::ArtefactScanner::ArtefactsMapping::sec_count

Definition at line 233 of file artefact_scanner.h.

◆ sec_hdr

IMAGE_SECTION_HEADER* pesieve::ArtefactScanner::ArtefactsMapping::sec_hdr

Definition at line 232 of file artefact_scanner.h.


The documentation for this class was generated from the following file: