PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Public Attributes | List of all members
pesieve::CodeScanReport Class Reference

A report from the code scan, generated by CodeScanner. More...

#include <code_scanner.h>

Inheritance diagram for pesieve::CodeScanReport:
Inheritance graph
[legend]

Public Types

enum  section_status { SECTION_SCAN_ERR = -1 , SECTION_NOT_MODIFIED = 0 , SECTION_PATCHED = 1 , SECTION_UNPACKED = 2 }
 
typedef enum pesieve::CodeScanReport::section_status t_section_status
 

Public Member Functions

 CodeScanReport (HMODULE _module, size_t _moduleSize)
 
size_t countSectionsWithStatus (const t_section_status neededStatus)
 
virtual const void fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
 
virtual const bool toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
 
virtual ULONGLONG getRelocBase ()
 
size_t countUnpackedSections ()
 
size_t countInaccessibleSections ()
 
size_t generateTags (const std::string &reportPath)
 
- Public Member Functions inherited from pesieve::ModuleScanReport
 ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS)
 
virtual ~ModuleScanReport ()
 

Public Attributes

std::map< DWORD, t_section_statussectionToResult
 
PatchList patchesList
 
- Public Attributes inherited from pesieve::ModuleScanReport
HMODULE module
 
size_t moduleSize
 
bool isDotNetModule
 
std::string moduleFile
 
ULONGLONG origBase
 
ULONGLONG relocBase
 
t_scan_status status
 

Additional Inherited Members

- Static Public Member Functions inherited from pesieve::ModuleScanReport
static t_scan_status get_scan_status (const ModuleScanReport *report)
 
- Static Public Attributes inherited from pesieve::ModuleScanReport
static const size_t JSON_LEVEL = 1
 
- Protected Member Functions inherited from pesieve::ModuleScanReport
virtual const bool _toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC)
 

Detailed Description

A report from the code scan, generated by CodeScanner.

Definition at line 13 of file code_scanner.h.

Member Typedef Documentation

◆ t_section_status

enum pesieve::CodeScanReport::section_status pesieve::CodeScanReport::t_section_status

Member Enumeration Documentation

◆ section_status

enum pesieve::CodeScanReport::section_status
Enumerator
SECTION_SCAN_ERR 
SECTION_NOT_MODIFIED 
SECTION_PATCHED 
SECTION_UNPACKED 

Definition at line 16 of file code_scanner.h.

Constructor & Destructor Documentation

◆ CodeScanReport()

pesieve::CodeScanReport::CodeScanReport ( HMODULE _module,
size_t _moduleSize )
inline

Definition at line 23 of file code_scanner.h.

Member Function Documentation

◆ countInaccessibleSections()

size_t pesieve::CodeScanReport::countInaccessibleSections ( )
inline

Definition at line 94 of file code_scanner.h.

Here is the call graph for this function:

◆ countSectionsWithStatus()

size_t pesieve::CodeScanReport::countSectionsWithStatus ( const t_section_status neededStatus)
inline

Definition at line 28 of file code_scanner.h.

◆ countUnpackedSections()

size_t pesieve::CodeScanReport::countUnpackedSections ( )
inline

Definition at line 89 of file code_scanner.h.

Here is the call graph for this function:

◆ fieldsToJSON()

virtual const void pesieve::CodeScanReport::fieldsToJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails )
inlinevirtual

Definition at line 41 of file code_scanner.h.

Here is the call graph for this function:

◆ generateTags()

size_t pesieve::CodeScanReport::generateTags ( const std::string & reportPath)

Definition at line 13 of file code_scanner.cpp.

Here is the call graph for this function:

◆ getRelocBase()

virtual ULONGLONG pesieve::CodeScanReport::getRelocBase ( )
inlinevirtual

Reimplemented from pesieve::ModuleScanReport.

Definition at line 84 of file code_scanner.h.

◆ toJSON()

virtual const bool pesieve::CodeScanReport::toJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails )
inlinevirtual

Implements pesieve::ModuleScanReport.

Definition at line 75 of file code_scanner.h.

Here is the call graph for this function:

Member Data Documentation

◆ patchesList

PatchList pesieve::CodeScanReport::patchesList

Definition at line 102 of file code_scanner.h.

◆ sectionToResult

std::map<DWORD, t_section_status> pesieve::CodeScanReport::sectionToResult

Definition at line 101 of file code_scanner.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0