PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
A base class of all the reports detailing on the output of the performed module's scan. More...
#include <module_scan_report.h>
Public Member Functions | |
ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status) | |
ModuleScanReport (HMODULE _module, size_t _moduleSize) | |
virtual | ~ModuleScanReport () |
virtual ULONGLONG | getRelocBase () |
virtual const bool | toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC)=0 |
Static Public Member Functions | |
static t_scan_status | get_scan_status (const ModuleScanReport *report) |
Public Attributes | |
HMODULE size_t | moduleSize |
bool | isDotNetModule |
std::string | moduleFile |
t_scan_status | status |
Static Public Attributes | |
static const size_t | JSON_LEVEL = 1 |
Protected Member Functions | |
virtual const bool | _toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC) |
A base class of all the reports detailing on the output of the performed module's scan.
Definition at line 25 of file module_scan_report.h.
|
inline |
|
inlinevirtual |
Definition at line 54 of file module_scan_report.h.
|
inlineprotectedvirtual |
|
inlinestatic |
Definition at line 30 of file module_scan_report.h.
Reimplemented in pesieve::CodeScanReport.
Definition at line 56 of file module_scan_report.h.
|
pure virtual |
Implemented in pesieve::ArtefactScanReport, pesieve::CodeScanReport, pesieve::HeadersScanReport, pesieve::IATScanReport, pesieve::MappingScanReport, pesieve::ThreadScanReport, pesieve::WorkingSetScanReport, pesieve::UnreachableModuleReport, pesieve::SkippedModuleReport, and pesieve::MalformedHeaderReport.
bool pesieve::ModuleScanReport::isDotNetModule |
Definition at line 65 of file module_scan_report.h.
Definition at line 28 of file module_scan_report.h.
std::string pesieve::ModuleScanReport::moduleFile |
Definition at line 66 of file module_scan_report.h.
Definition at line 64 of file module_scan_report.h.
t_scan_status pesieve::ModuleScanReport::status |
Definition at line 67 of file module_scan_report.h.