 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
A report from the code scan, generated by CodeScanner. More...
#include <code_scanner.h>
Public Types | |
| enum | section_status { SECTION_SCAN_ERR = -1 , SECTION_NOT_MODIFIED = 0 , SECTION_PATCHED = 1 , SECTION_UNPACKED = 2 } |
| typedef enum pesieve::CodeScanReport::section_status | t_section_status |
Public Member Functions | |
| CodeScanReport (HMODULE _module, size_t _moduleSize) | |
| size_t | countSectionsWithStatus (const t_section_status neededStatus) |
| virtual const void | fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) |
| virtual const bool | toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) |
| virtual ULONGLONG | getRelocBase () |
| size_t | countUnpackedSections () |
| size_t | countInaccessibleSections () |
| size_t | generateTags (const std::string &reportPath) |
 Public Member Functions inherited from pesieve::ModuleScanReport | |
| ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS) | |
| virtual | ~ModuleScanReport () |
| Public Member Functions inherited from pesieve::ElementScanReport | |
| ElementScanReport (t_scan_status _status=SCAN_NOT_SUSPICIOUS) | |
Public Attributes | |
| std::map< DWORD, t_section_status > | sectionToResult |
| PatchList | patchesList |
| Public Attributes inherited from pesieve::ModuleScanReport | |
| HMODULE | module |
| size_t | moduleSize |
| bool | isDotNetModule |
| std::string | moduleFile |
| ULONGLONG | origBase |
| ULONGLONG | relocBase |
| Public Attributes inherited from pesieve::ElementScanReport | |
| t_scan_status | status |
Additional Inherited Members | |
| Static Public Member Functions inherited from pesieve::ElementScanReport | |
| static t_scan_status | get_scan_status (const ElementScanReport *report) |
| Static Public Attributes inherited from pesieve::ElementScanReport | |
| static const size_t | JSON_LEVEL = 1 |
| Protected Member Functions inherited from pesieve::ModuleScanReport | |
| virtual const bool | _toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC) |
A report from the code scan, generated by CodeScanner.
Definition at line 13 of file code_scanner.h.
| Enumerator | |
|---|---|
| SECTION_SCAN_ERR | |
| SECTION_NOT_MODIFIED | |
| SECTION_PATCHED | |
| SECTION_UNPACKED | |
Definition at line 16 of file code_scanner.h.
|
inline |
|
inline |
|
inline |
Definition at line 28 of file code_scanner.h.
|
inline |
|
inlinevirtual |
| size_t pesieve::CodeScanReport::generateTags | ( | const std::string & | reportPath | ) |
Definition at line 13 of file code_scanner.cpp.
|
inlinevirtual |
Reimplemented from pesieve::ModuleScanReport.
Definition at line 84 of file code_scanner.h.
|
inlinevirtual |
Implements pesieve::ModuleScanReport.
Definition at line 75 of file code_scanner.h.
| PatchList pesieve::CodeScanReport::patchesList |
Definition at line 102 of file code_scanner.h.
| std::map<DWORD, t_section_status> pesieve::CodeScanReport::sectionToResult |
Definition at line 101 of file code_scanner.h.
1.13.2
