PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
This is the complete list of members for pesieve::IATScanReport, including all inherited members.
| _toJSON(std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC) | pesieve::ModuleScanReport | inline protected virtual |
| countHooked() | pesieve::IATScanReport | inline |
| ElementScanReport(t_scan_status _status=SCAN_NOT_SUSPICIOUS) | pesieve::ElementScanReport | inline |
| formatHookedFuncName(IN peconv::ImportsCollection *storedFunc, DWORD thunk_rva) | pesieve::IATScanReport | protected static |
| formatTargetName(IN const peconv::ExportsMapper *exportsMap, IN const ModulesInfo &modulesInfo, IN const ULONGLONG module_start, IN ULONGLONG addr) | pesieve::IATScanReport | protected static |
| generateList(IN const std::string &fileName, IN HANDLE hProcess, IN const ModulesInfo &modulesInfo, IN const peconv::ExportsMapper *exportsMap) | pesieve::IATScanReport | |
| get_scan_status(const ElementScanReport *report) | pesieve::ElementScanReport | inline static |
| getRelocBase() | pesieve::ModuleScanReport | inline virtual |
| hooksToJSON(std::stringstream &outs, size_t level) | pesieve::IATScanReport | |
| IATScanReport(HMODULE _module, size_t _moduleSize, std::string _moduleFile) | pesieve::IATScanReport | inline |
| isDotNetModule | pesieve::ModuleScanReport | |
| JSON_LEVEL | pesieve::ElementScanReport | static |
| module | pesieve::ModuleScanReport | |
| moduleFile | pesieve::ModuleScanReport | |
| ModuleScanReport(HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS) | pesieve::ModuleScanReport | inline |
| moduleSize | pesieve::ModuleScanReport | |
| notCovered | pesieve::IATScanReport | |
| origBase | pesieve::ModuleScanReport | |
| relocBase | pesieve::ModuleScanReport | |
| saveNotRecovered(IN const std::string &fileName, IN HANDLE hProcess, IN peconv::ImportsCollection *storedFunc, IN peconv::ImpsNotCovered &notCovered, IN const ModulesInfo &modulesInfo, IN const peconv::ExportsMapper *exportsMap) | pesieve::IATScanReport | static |
| status | pesieve::ElementScanReport | |
| storedFunc | pesieve::IATScanReport | |
| toJSON(std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) | pesieve::IATScanReport | inline virtual |
| ~ModuleScanReport() | pesieve::ModuleScanReport | inline virtual |