PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::ModuleDumpReport Class Reference

#include <dump_report.h>

Public Member Functions

 ModuleDumpReport (ULONGLONG module_start, size_t module_size)
 
virtual const bool toJSON (std::stringstream &outs, size_t level)
 

Public Attributes

ULONGLONG moduleStart
 
size_t moduleSize
 
ULONGLONG rebasedTo
 
bool is_corrupt_pe
 
bool is_shellcode
 
std::string impRecMode
 
bool isReportDumped
 
bool isDumped
 
std::string mode_info
 
std::string dumpFileName
 
std::string hooksTagFileName
 
std::string patternsTagFileName
 
std::string impListFileName
 
std::string notRecoveredFileName
 
std::string iatHooksFileName
 

Detailed Description

Definition at line 16 of file dump_report.h.

Constructor & Destructor Documentation

◆ ModuleDumpReport()

pesieve::ModuleDumpReport::ModuleDumpReport ( ULONGLONG module_start,
size_t module_size )
inline

Definition at line 20 of file dump_report.h.

Member Function Documentation

◆ toJSON()

const bool pesieve::ModuleDumpReport::toJSON ( std::stringstream & outs,
size_t level )
virtual

Definition at line 7 of file dump_report.cpp.

Member Data Documentation

◆ dumpFileName

std::string pesieve::ModuleDumpReport::dumpFileName

Definition at line 39 of file dump_report.h.

◆ hooksTagFileName

std::string pesieve::ModuleDumpReport::hooksTagFileName

Definition at line 40 of file dump_report.h.

◆ iatHooksFileName

std::string pesieve::ModuleDumpReport::iatHooksFileName

Definition at line 44 of file dump_report.h.

◆ impListFileName

std::string pesieve::ModuleDumpReport::impListFileName

Definition at line 42 of file dump_report.h.

◆ impRecMode

std::string pesieve::ModuleDumpReport::impRecMode

Definition at line 35 of file dump_report.h.

◆ is_corrupt_pe

bool pesieve::ModuleDumpReport::is_corrupt_pe

Definition at line 33 of file dump_report.h.

◆ is_shellcode

bool pesieve::ModuleDumpReport::is_shellcode

Definition at line 34 of file dump_report.h.

◆ isDumped

bool pesieve::ModuleDumpReport::isDumped

Definition at line 37 of file dump_report.h.

◆ isReportDumped

bool pesieve::ModuleDumpReport::isReportDumped

Definition at line 36 of file dump_report.h.

◆ mode_info

std::string pesieve::ModuleDumpReport::mode_info

Definition at line 38 of file dump_report.h.

◆ moduleSize

size_t pesieve::ModuleDumpReport::moduleSize

Definition at line 31 of file dump_report.h.

◆ moduleStart

ULONGLONG pesieve::ModuleDumpReport::moduleStart

Definition at line 30 of file dump_report.h.

◆ notRecoveredFileName

std::string pesieve::ModuleDumpReport::notRecoveredFileName

Definition at line 43 of file dump_report.h.

◆ patternsTagFileName

std::string pesieve::ModuleDumpReport::patternsTagFileName

Definition at line 41 of file dump_report.h.

◆ rebasedTo

ULONGLONG pesieve::ModuleDumpReport::rebasedTo

Definition at line 32 of file dump_report.h.


The documentation for this class was generated from the following files: