PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
Public Member Functions | List of all members
pesieve::EncryptedMatcher Class Reference
Inheritance diagram for pesieve::EncryptedMatcher:
Inheritance graph
[legend]

Public Member Functions

 EncryptedMatcher ()
 
virtual bool _isMatching (IN const AreaMultiStats &stats)
 
- Public Member Functions inherited from pesieve::RuleMatcher
 RuleMatcher (std::string _name)
 
bool isMatching (IN const AreaMultiStats &stats)
 
bool isMatched ()
 

Additional Inherited Members

- Public Types inherited from pesieve::RuleMatcher
enum  RuleType {
  RULE_NONE = 0 , RULE_CODE = 1 , RULE_TEXT = 2 , RULE_OBFUSCATED = 4 ,
  RULE_ENCRYPTED = 8
}
 
- Public Attributes inherited from pesieve::RuleMatcher
std::string name
 
- Protected Attributes inherited from pesieve::RuleMatcher
bool matched
 

Detailed Description

Definition at line 275 of file stats_analyzer.cpp.

Constructor & Destructor Documentation

◆ EncryptedMatcher()

pesieve::EncryptedMatcher::EncryptedMatcher ( )
inline

Definition at line 278 of file stats_analyzer.cpp.

Here is the call graph for this function:

Member Function Documentation

◆ _isMatching()

virtual bool pesieve::EncryptedMatcher::_isMatching ( IN const AreaMultiStats & stats)
inlinevirtual

Implements pesieve::RuleMatcher.

Definition at line 281 of file stats_analyzer.cpp.

Here is the call graph for this function:
The documentation for this class was generated from the following file:
Generated by doxygen 1.13.2