PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Public Attributes | List of all members
pesieve::HeadersScanReport Class Reference

A report from the headers scan, generated by HeadersScanner. More...

#include <headers_scanner.h>

Inheritance diagram for pesieve::HeadersScanReport:
Inheritance graph
[legend]

Public Member Functions

 HeadersScanReport (HMODULE _module, size_t _moduleSize)
 
virtual const void fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
 
virtual const bool toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
 
bool isHdrReplaced ()
 
- Public Member Functions inherited from pesieve::ModuleScanReport
 ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS)
 
virtual ~ModuleScanReport ()
 
virtual ULONGLONG getRelocBase ()
 

Public Attributes

bool epModified
 
bool dosHdrModified
 
bool fileHdrModified
 
bool ntHdrModified
 
bool secHdrModified
 
bool archMismatch
 
DWORD is64
 
bool isInPEB
 
- Public Attributes inherited from pesieve::ModuleScanReport
HMODULE module
 
size_t moduleSize
 
bool isDotNetModule
 
std::string moduleFile
 
ULONGLONG origBase
 
ULONGLONG relocBase
 
t_scan_status status
 

Additional Inherited Members

- Static Public Member Functions inherited from pesieve::ModuleScanReport
static t_scan_status get_scan_status (const ModuleScanReport *report)
 
- Static Public Attributes inherited from pesieve::ModuleScanReport
static const size_t JSON_LEVEL = 1
 
- Protected Member Functions inherited from pesieve::ModuleScanReport
virtual const bool _toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC)
 

Detailed Description

A report from the headers scan, generated by HeadersScanner.

Definition at line 10 of file headers_scanner.h.

Constructor & Destructor Documentation

◆ HeadersScanReport()

pesieve::HeadersScanReport::HeadersScanReport ( HMODULE _module,
size_t _moduleSize )
inline

Definition at line 13 of file headers_scanner.h.

Member Function Documentation

◆ fieldsToJSON()

virtual const void pesieve::HeadersScanReport::fieldsToJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails )
inlinevirtual

Definition at line 21 of file headers_scanner.h.

Here is the call graph for this function:

◆ isHdrReplaced()

bool pesieve::HeadersScanReport::isHdrReplaced ( )
inline

Definition at line 65 of file headers_scanner.h.

◆ toJSON()

virtual const bool pesieve::HeadersScanReport::toJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails )
inlinevirtual

Implements pesieve::ModuleScanReport.

Definition at line 56 of file headers_scanner.h.

Here is the call graph for this function:

Member Data Documentation

◆ archMismatch

bool pesieve::HeadersScanReport::archMismatch

Definition at line 75 of file headers_scanner.h.

◆ dosHdrModified

bool pesieve::HeadersScanReport::dosHdrModified

Definition at line 71 of file headers_scanner.h.

◆ epModified

bool pesieve::HeadersScanReport::epModified

Definition at line 70 of file headers_scanner.h.

◆ fileHdrModified

bool pesieve::HeadersScanReport::fileHdrModified

Definition at line 72 of file headers_scanner.h.

◆ is64

DWORD pesieve::HeadersScanReport::is64

Definition at line 76 of file headers_scanner.h.

◆ isInPEB

bool pesieve::HeadersScanReport::isInPEB

Definition at line 77 of file headers_scanner.h.

◆ ntHdrModified

bool pesieve::HeadersScanReport::ntHdrModified

Definition at line 73 of file headers_scanner.h.

◆ secHdrModified

bool pesieve::HeadersScanReport::secHdrModified

Definition at line 74 of file headers_scanner.h.

The documentation for this class was generated from the following file:
Generated by doxygen 1.12.0