 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Processes the list of the collected patches (preprocessed by PatchAnalyzer), and for those of them that were detected as hooks, it resolves information about to which modules do they lead to. More...
#include <hook_targets_resolver.h>
Public Member Functions | |
| HookTargetResolver (IN ProcessScanReport &process_report) | |
| size_t | resolveAllHooks (IN OUT std::set< ModuleScanReport * > &code_reports) |
| Resolves all the hooks collected within the given set of reports. | |
| bool | resolveTarget (IN OUT PatchList::Patch *currPatch) |
| Resolves the information about the target of the provided hook, and fills it back into the object. | |
Protected Attributes | |
| ProcessScanReport & | processReport |
Processes the list of the collected patches (preprocessed by PatchAnalyzer), and for those of them that were detected as hooks, it resolves information about to which modules do they lead to.
Definition at line 9 of file hook_targets_resolver.h.
|
inline |
Definition at line 12 of file hook_targets_resolver.h.
| size_t pesieve::HookTargetResolver::resolveAllHooks | ( | IN OUT std::set< ModuleScanReport * > & | code_reports | ) |
Resolves all the hooks collected within the given set of reports.
Definition at line 29 of file hook_targets_resolver.cpp.
| bool pesieve::HookTargetResolver::resolveTarget | ( | IN OUT PatchList::Patch * | currPatch | ) |
Resolves the information about the target of the provided hook, and fills it back into the object.
Definition at line 9 of file hook_targets_resolver.cpp.
|
protected |
Definition at line 24 of file hook_targets_resolver.h.
1.10.0