PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Protected Attributes | Friends | List of all members
pesieve::ImportTableBuffer Class Reference

#include <imp_reconstructor.h>

Public Member Functions

 ImportTableBuffer (DWORD _descriptorsRVA)
 ~ImportTableBuffer ()
bool allocDesciptors (size_t descriptors_count)
bool allocNamesSpace (DWORD names_rva, size_t names_size)
bool allocDllsSpace (DWORD dlls_rva, size_t dlls_area_size)
size_t getDescriptosCount ()
size_t getDescriptorsSize ()
size_t getNamesSize ()
size_t getDllNamesSize ()
DWORD getRVA ()
bool setTableInPe (BYTE *vBuf, size_t vBufSize)

Protected Member Functions

BYTE * getNamesSpaceAt (const DWORD rva, size_t required_size)
BYTE * getDllSpaceAt (const DWORD rva, size_t required_size)

Protected Attributes

IMAGE_IMPORT_DESCRIPTOR * descriptors

Friends

class ImpReconstructor

Detailed Description

Definition at line 15 of file imp_reconstructor.h.

Constructor & Destructor Documentation

◆ ImportTableBuffer()

pesieve::ImportTableBuffer::ImportTableBuffer ( DWORD _descriptorsRVA)
inline

Definition at line 19 of file imp_reconstructor.h.

◆ ~ImportTableBuffer()

pesieve::ImportTableBuffer::~ImportTableBuffer ( )
inline

Definition at line 27 of file imp_reconstructor.h.

Member Function Documentation

◆ allocDesciptors()

bool pesieve::ImportTableBuffer::allocDesciptors ( size_t descriptors_count)
inline

Definition at line 34 of file imp_reconstructor.h.

◆ allocDllsSpace()

bool pesieve::ImportTableBuffer::allocDllsSpace ( DWORD dlls_rva,
size_t dlls_area_size )
inline

Definition at line 61 of file imp_reconstructor.h.

◆ allocNamesSpace()

bool pesieve::ImportTableBuffer::allocNamesSpace ( DWORD names_rva,
size_t names_size )
inline

Definition at line 47 of file imp_reconstructor.h.

◆ getDescriptorsSize()

size_t pesieve::ImportTableBuffer::getDescriptorsSize ( )
inline

Definition at line 80 of file imp_reconstructor.h.

◆ getDescriptosCount()

size_t pesieve::ImportTableBuffer::getDescriptosCount ( )
inline

Definition at line 75 of file imp_reconstructor.h.

◆ getDllNamesSize()

size_t pesieve::ImportTableBuffer::getDllNamesSize ( )
inline

Definition at line 93 of file imp_reconstructor.h.

◆ getDllSpaceAt()

BYTE * pesieve::ImportTableBuffer::getDllSpaceAt ( const DWORD rva,
size_t required_size )
protected

Definition at line 33 of file imp_reconstructor.cpp.

Here is the call graph for this function:

◆ getNamesSize()

size_t pesieve::ImportTableBuffer::getNamesSize ( )
inline

Definition at line 87 of file imp_reconstructor.h.

◆ getNamesSpaceAt()

BYTE * pesieve::ImportTableBuffer::getNamesSpaceAt ( const DWORD rva,
size_t required_size )
protected

Definition at line 28 of file imp_reconstructor.cpp.

Here is the call graph for this function:

◆ getRVA()

DWORD pesieve::ImportTableBuffer::getRVA ( )
inline

Definition at line 98 of file imp_reconstructor.h.

◆ setTableInPe()

bool pesieve::ImportTableBuffer::setTableInPe ( BYTE * vBuf,
size_t vBufSize )
inline

Definition at line 104 of file imp_reconstructor.h.

Here is the call graph for this function:

◆ ImpReconstructor

friend class ImpReconstructor
friend

Definition at line 140 of file imp_reconstructor.h.

Member Data Documentation

◆ descriptors

IMAGE_IMPORT_DESCRIPTOR* pesieve::ImportTableBuffer::descriptors
protected

Definition at line 139 of file imp_reconstructor.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.17.0