PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
A container of all the process modules that were scanned.
#include <scanned_modules.h>
Public Member Functions
ModulesInfo (DWORD _pid)
~ModulesInfo ()
bool appendToModulesList (ModuleScanReport *report)
size_t count ()
size_t getScannedSize (ULONGLONG start_address) const
ScannedModule * findModuleContaining (ULONGLONG address, size_t size=0) const
ScannedModule * getModuleAt (ULONGLONG address) const
Protected Member Functions
bool appendModule (ScannedModule *module)
void deleteAll ()
Definition at line 84 of file scanned_modules.h.
inline
Definition at line 87 of file scanned_modules.h.
inline
protected
bool pesieve::ModulesInfo::appendToModulesList (ModuleScanReport *report)
inline
Definition at line 99 of file scanned_modules.h.
protected
ScannedModule * pesieve::ModulesInfo::findModuleContaining (ULONGLONG address, size_t size = 0) const
ScannedModule * pesieve::ModulesInfo::getModuleAt (ULONGLONG address) const