PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
pesieve::ModuleData Member List

This is the complete list of members for pesieve::ModuleData, including all inherited members.

_loadOriginal(bool disableFSredir)pesieve::ModuleDataprotected
autoswichIfWow64Mapping()pesieve::ModuleDataprotected
getHdrImageBase()pesieve::ModuleDatainline
is64bit()pesieve::ModuleDatainline
is_dot_netpesieve::ModuleDataprotected
is_module_namedpesieve::ModuleData
isDotNet()pesieve::ModuleDatainline
isDotNetManagedCode()pesieve::ModuleDataprotected
isInitialized()pesieve::ModuleDatainline
isModuleInPEBList()pesieve::ModuleDatainline
isPEBConnectedpesieve::ModuleDataprotected
loadImportsList(peconv::ImportsCollection &collection)pesieve::ModuleData
loadImportThunks(std::set< DWORD > &fields_rvas)pesieve::ModuleData
loadModuleName()pesieve::ModuleDataprotected
loadOriginal()pesieve::ModuleData
loadRelocatedFields(std::set< DWORD > &fields_rvas)pesieve::ModuleData
ModuleData(HANDLE _processHandle, HMODULE _module, bool _isPEBConnected, bool _useCache, const char *_moduleName=nullptr)pesieve::ModuleDatainline
moduleHandlepesieve::ModuleData
original_modulepesieve::ModuleData
original_sizepesieve::ModuleData
PeSection classpesieve::ModuleDatafriend
processHandlepesieve::ModuleData
reloadWow64()pesieve::ModuleData
relocateToBase(ULONGLONG new_base)pesieve::ModuleData
rvaToVa(DWORD rva, ULONGLONG module_base=0)pesieve::ModuleDatainline
switchToMappedPath()pesieve::ModuleData
switchToWow64Path()pesieve::ModuleData
szModNamepesieve::ModuleData
useCachepesieve::ModuleDataprotected
vaToRva(ULONGLONG va, ULONGLONG module_base=0)pesieve::ModuleDatainline
~ModuleData()pesieve::ModuleDatainline