PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::MappingScanner Class Reference

A scanner for detection of inconsistencies in mapping. Checks if the mapped file name is different than the module file name.

#include <mapping_scanner.h>

Public Member Functions

 MappingScanner (HANDLE hProc, ModuleData &moduleData)
 
virtual MappingScanReport * scanRemote ()
 
- Public Member Functions inherited from pesieve::ProcessFeatureScanner
 ProcessFeatureScanner (HANDLE _processHandle)
 
virtual ~ProcessFeatureScanner ()
 

Public Attributes

ModuleData & moduleData
 

Additional Inherited Members

- Protected Attributes inherited from pesieve::ProcessFeatureScanner
HANDLE processHandle
 

Detailed Description

A scanner for detection of inconsistencies in mapping. Checks if the mapped file name is different than the module file name.

Definition at line 49 of file mapping_scanner.h.
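
The comparison described above, sketched as an added example; this is not PE-sieve's own code, and `DeviceMap`, `device_to_dos_path`, `check_mapping` and `MappingStatus` are hypothetical names. It assumes the mapped name arrives in NT device form (as `GetMappedFileName` returns it) and the module name in DOS form, so both are normalized before a case-insensitive comparison; all paths are constructed sample data.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <map>
#include <string>

// Constructed stand-in for the drive table; on Windows it would be filled
// by calling QueryDosDevice() for each drive letter (assumption).
using DeviceMap = std::map<std::string, std::string>; // "\Device\HarddiskVolumeN" -> "X:"

static std::string to_lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Convert an NT device path to a DOS path; unchanged if no device matches.
// The trailing '\' keeps "HarddiskVolume1" from matching "HarddiskVolume10".
std::string device_to_dos_path(const std::string &path, const DeviceMap &devices) {
    const std::string lower = to_lower(path);
    for (const auto &d : devices) {
        const std::string prefix = to_lower(d.first) + "\\";
        if (lower.compare(0, prefix.size(), prefix) == 0)
            return d.second + path.substr(d.first.size());
    }
    return path;
}

enum class MappingStatus { Consistent, Mismatch, Unknown };

// mapped_name: file backing the memory region; module_name: path from the module list.
MappingStatus check_mapping(const std::string &mapped_name,
                            const std::string &module_name,
                            const DeviceMap &devices) {
    if (mapped_name.empty() || module_name.empty())
        return MappingStatus::Unknown; // a name could not be read; do not guess
    const std::string a = to_lower(device_to_dos_path(mapped_name, devices));
    const std::string b = to_lower(device_to_dos_path(module_name, devices));
    return a == b ? MappingStatus::Consistent : MappingStatus::Mismatch;
}

int main() {
    const DeviceMap dm = {{"\\Device\\HarddiskVolume3", "C:"}}; // constructed
    // Module list claims ntdll.dll, but the region is backed by another file.
    const MappingStatus s = check_mapping("\\Device\\HarddiskVolume3\\Users\\Public\\x.dll",
                                          "C:\\Windows\\System32\\ntdll.dll", dm);
    std::puts(s == MappingStatus::Mismatch ? "mapping mismatch" : "no mismatch");
    return s == MappingStatus::Mismatch ? 0 : 1;
}
```
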

Constructor & Destructor Documentation

◆ MappingScanner()

pesieve::MappingScanner::MappingScanner ( HANDLE hProc, ModuleData & moduleData )
inline

Definition at line 51 of file mapping_scanner.h.

Member Function Documentation

◆ scanRemote()

MappingScanReport * pesieve::MappingScanner::scanRemote ( )
virtual

Perform the scan on the remote process.

Returns
a pointer to an object of the class inherited from ModuleScanReport

Implements pesieve::ProcessFeatureScanner.

Definition at line 8 of file mapping_scanner.cpp.

Member Data Documentation

◆ moduleData

ModuleData& pesieve::MappingScanner::moduleData

Definition at line 58 of file mapping_scanner.h.


The documentation for this class was generated from the following files: