PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::IATScanner Class Reference

A scanner for detection of IAT hooking.

#include <iat_scanner.h>


Public Member Functions

 IATScanner (HANDLE hProc, ModuleData &moduleData, RemoteModuleData &remoteModData, const peconv::ExportsMapper &_exportsMap, IN const ModulesInfo &_modulesInfo, t_iat_scan_mode _hooksFilter)
 
virtual IATScanReport * scanRemote ()
 
- Public Member Functions inherited from pesieve::ModuleScanner
 ModuleScanner (HANDLE _procHndl, ModuleData &_moduleData, RemoteModuleData &_remoteModData)
 
virtual ~ModuleScanner ()
 
- Public Member Functions inherited from pesieve::ProcessFeatureScanner
 ProcessFeatureScanner (HANDLE _processHandle)
 
virtual ~ProcessFeatureScanner ()
 

Additional Inherited Members

- Protected Attributes inherited from pesieve::ModuleScanner
ModuleData & moduleData
 
RemoteModuleData & remoteModData
 
- Protected Attributes inherited from pesieve::ProcessFeatureScanner
HANDLE processHandle
 

Detailed Description

A scanner for detection of IAT hooking.

Definition at line 62 of file iat_scanner.h.

Constructor & Destructor Documentation

◆ IATScanner()

pesieve::IATScanner::IATScanner ( HANDLE hProc,
ModuleData & moduleData,
RemoteModuleData & remoteModData,
const peconv::ExportsMapper & _exportsMap,
IN const ModulesInfo & _modulesInfo,
t_iat_scan_mode _hooksFilter )
inline

Definition at line 65 of file iat_scanner.h.

Member Function Documentation

◆ scanRemote()

IATScanReport * pesieve::IATScanner::scanRemote ( )
virtual

Performs the scan on the remote process.

Returns
a pointer to an object of the class inherited from ModuleScanReport

Implements pesieve::ModuleScanner.

Definition at line 279 of file iat_scanner.cpp.


The documentation for this class was generated from the following files: