PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::ObfuscatedMatcher Class Reference
[Inheritance diagram for pesieve::ObfuscatedMatcher]

Public Member Functions

 ObfuscatedMatcher ()
 
virtual bool _isMatching (IN const AreaMultiStats &stats)
 
- Public Member Functions inherited from pesieve::RuleMatcher
 RuleMatcher (std::string _name)
 
bool isMatching (IN const AreaMultiStats &stats)
 
bool isMatched ()
 

Additional Inherited Members

- Public Types inherited from pesieve::RuleMatcher
enum  RuleType {
  RULE_NONE = 0 , RULE_CODE = 1 , RULE_TEXT = 2 , RULE_OBFUSCATED = 4 ,
  RULE_ENCRYPTED = 8
}
 
- Public Attributes inherited from pesieve::RuleMatcher
std::string name
 
- Protected Attributes inherited from pesieve::RuleMatcher
bool matched
 

Detailed Description

Definition at line 205 of file stats_analyzer.cpp.

Constructor & Destructor Documentation

◆ ObfuscatedMatcher()

pesieve::ObfuscatedMatcher::ObfuscatedMatcher ( )
inline

Definition at line 208 of file stats_analyzer.cpp.

Member Function Documentation

◆ _isMatching()

virtual bool pesieve::ObfuscatedMatcher::_isMatching ( IN const AreaMultiStats & stats)
inline virtual

Implements pesieve::RuleMatcher.

Definition at line 211 of file stats_analyzer.cpp.


The documentation for this class was generated from the following file: