PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
A scanner for detection of IAT hooking.
#include <iat_scanner.h>
Public Member Functions
IATScanner (HANDLE hProc, ModuleData &moduleData, RemoteModuleData &remoteModData, const peconv::ExportsMapper &_exportsMap, IN const ModulesInfo &_modulesInfo, t_iat_scan_mode _hooksFilter)
virtual IATScanReport * | scanRemote ()
Public Member Functions inherited from pesieve::ModuleScanner
ModuleScanner (HANDLE _procHndl, ModuleData &_moduleData, RemoteModuleData &_remoteModData)
virtual | ~ModuleScanner ()
Public Member Functions inherited from pesieve::ProcessFeatureScanner
ProcessFeatureScanner (HANDLE _processHandle)
virtual | ~ProcessFeatureScanner ()
Additional Inherited Members
Protected Attributes inherited from pesieve::ModuleScanner
ModuleData & | moduleData
RemoteModuleData & | remoteModData
Protected Attributes inherited from pesieve::ProcessFeatureScanner
HANDLE | processHandle
A scanner for detection of IAT hooking.
Definition at line 62 of file iat_scanner.h.
IATScanner () | inline
Definition at line 65 of file iat_scanner.h.
scanRemote () | virtual
Perform the scan on the remote process.
Implements pesieve::ModuleScanner.
Definition at line 279 of file iat_scanner.cpp.