PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Public Attributes | List of all members
pesieve::IATThunksSeries Class Reference

#include <iat_block.h>

Public Member Functions

 IATThunksSeries (DWORD start_offset)
 
 ~IATThunksSeries ()
 
bool operator< (const IATThunksSeries &other) const
 
bool insert (DWORD rva, ULONGLONG funcAddr)
 
bool makeCoverage (IN const peconv::ExportsMapper *exportsMap)
 
bool isCovered ()
 
std::string getDllName ()
 
size_t sizeOfNamesSpace (bool is64b)
 
bool fillNamesSpace (const BYTE *buf_start, size_t buf_size, DWORD bufRVA, bool is64b)
 
std::map< DWORD, ULONGLONG > getRvaToFuncMap ()
 

Public Attributes

DWORD startOffset
 

Detailed Description

Definition at line 11 of file iat_block.h.

Constructor & Destructor Documentation

◆ IATThunksSeries()

pesieve::IATThunksSeries::IATThunksSeries ( DWORD start_offset)
inline

Definition at line 14 of file iat_block.h.

◆ ~IATThunksSeries()

pesieve::IATThunksSeries::~IATThunksSeries ( )
inline

Definition at line 19 of file iat_block.h.

Member Function Documentation

◆ fillNamesSpace()

bool pesieve::IATThunksSeries::fillNamesSpace ( const BYTE * buf_start,
size_t buf_size,
DWORD bufRVA,
bool is64b )

Definition at line 39 of file iat_block.cpp.

Here is the call graph for this function:

◆ getDllName()

std::string pesieve::IATThunksSeries::getDllName ( )

Definition at line 101 of file iat_block.cpp.

◆ getRvaToFuncMap()

std::map< DWORD, ULONGLONG > pesieve::IATThunksSeries::getRvaToFuncMap ( )
inline

Definition at line 51 of file iat_block.h.

◆ insert()

bool pesieve::IATThunksSeries::insert ( DWORD rva,
ULONGLONG funcAddr )
inline

Definition at line 29 of file iat_block.h.

◆ isCovered()

bool pesieve::IATThunksSeries::isCovered ( )
inline

Definition at line 38 of file iat_block.h.

◆ makeCoverage()

bool pesieve::IATThunksSeries::makeCoverage ( IN const peconv::ExportsMapper * exportsMap)

Definition at line 25 of file iat_block.cpp.

◆ operator<()

bool pesieve::IATThunksSeries::operator< ( const IATThunksSeries & other) const
inline

Definition at line 24 of file iat_block.h.

◆ sizeOfNamesSpace()

size_t pesieve::IATThunksSeries::sizeOfNamesSpace ( bool is64b)

Definition at line 78 of file iat_block.cpp.

Here is the call graph for this function:

Member Data Documentation

◆ startOffset

DWORD pesieve::IATThunksSeries::startOffset

Definition at line 56 of file iat_block.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0