PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::PatchList::Patch Class Reference

#include <patch_list.h>

Public Member Functions

 Patch (HMODULE module_base, size_t patch_id, DWORD start_rva)
 
 Patch (const Patch &other)
 
void setEnd (DWORD end_rva)
 
void setHookTarget (ULONGLONG target_va, bool is_direct=true, t_patch_type hook_type=pesieve::HOOK_INLINE)
 
ULONGLONG getHookTargetVA ()
 
bool setHookTargetInfo (ULONGLONG targetModuleBase, bool isSuspiocious, std::string targetModuleName)
 
const bool toTAG (std::ofstream &patch_report, const char delimiter)
 
const bool toJSON (std::stringstream &outs, size_t level, bool short_info)
 

Protected Member Functions

bool resolveHookedExport (peconv::ExportsMapper &expMap)
 
std::string getFormattedName ()
 

Protected Attributes

size_t id
 
DWORD startRva
 
DWORD endRva
 
HMODULE moduleBase
 
t_patch_type type
 
bool isDirect
 
ULONGLONG hookTargetVA
 
BYTE paddingVal
 
std::string hooked_func
 
ULONGLONG hookTargetModule
 
bool isTargetSuspicious
 
std::string hookTargetModName
 

Friends

class PatchList
 
class PatchAnalyzer
 

Detailed Description

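Represents a single patch recorded for a scanned module. Judging by its members, a patch is identified by the module base, a patch ID and a start/end RVA, and carries a patch type (default hook type: pesieve::HOOK_INLINE). For hooks it also stores the target VA, whether the hook is direct, the base and name of the module the target falls in, and a flag marking that target as suspicious. toTAG() and toJSON() write the entry to a report stream. The string fields (hooked_func, hookTargetModName) appear to be derived from the scanned process, so consumers of the TAG/JSON output should treat them as untrusted data.

Definition at line 22 of file patch_list.h.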

Constructor & Destructor Documentation

◆ Patch() [1/2]

pesieve::PatchList::Patch::Patch ( HMODULE module_base,
size_t patch_id,
DWORD start_rva )
inline

Definition at line 25 of file patch_list.h.

◆ Patch() [2/2]

pesieve::PatchList::Patch::Patch ( const Patch & other)
inline

Definition at line 34 of file patch_list.h.

Member Function Documentation

◆ getFormattedName()

std::string pesieve::PatchList::Patch::getFormattedName ( )
protected

Definition at line 8 of file patch_list.cpp.

◆ getHookTargetVA()

ULONGLONG pesieve::PatchList::Patch::getHookTargetVA ( )
inline

Definition at line 64 of file patch_list.h.

◆ resolveHookedExport()

bool pesieve::PatchList::Patch::resolveHookedExport ( peconv::ExportsMapper & expMap)
protected

Definition at line 124 of file patch_list.cpp.

◆ setEnd()

void pesieve::PatchList::Patch::setEnd ( DWORD end_rva)
inline

Definition at line 52 of file patch_list.h.

◆ setHookTarget()

void pesieve::PatchList::Patch::setHookTarget ( ULONGLONG target_va,
bool is_direct = true,
t_patch_type hook_type = pesieve::HOOK_INLINE )
inline

Definition at line 57 of file patch_list.h.

◆ setHookTargetInfo()

bool pesieve::PatchList::Patch::setHookTargetInfo ( ULONGLONG targetModuleBase,
bool isSuspiocious,
std::string targetModuleName )
inline

Definition at line 69 of file patch_list.h.

◆ toJSON()

const bool pesieve::PatchList::Patch::toJSON ( std::stringstream & outs,
size_t level,
bool short_info )

Definition at line 76 of file patch_list.cpp.

◆ toTAG()

const bool pesieve::PatchList::Patch::toTAG ( std::ofstream & patch_report,
const char delimiter )

Definition at line 60 of file patch_list.cpp.

Friends And Related Symbol Documentation

◆ PatchAnalyzer

friend class PatchAnalyzer
friend

Definition at line 104 of file patch_list.h.

◆ PatchList

friend class PatchList
friend

Definition at line 103 of file patch_list.h.

Member Data Documentation

◆ endRva

DWORD pesieve::PatchList::Patch::endRva
protected

Definition at line 90 of file patch_list.h.

◆ hooked_func

std::string pesieve::PatchList::Patch::hooked_func
protected

Definition at line 97 of file patch_list.h.

◆ hookTargetModName

std::string pesieve::PatchList::Patch::hookTargetModName
protected

Definition at line 101 of file patch_list.h.

◆ hookTargetModule

ULONGLONG pesieve::PatchList::Patch::hookTargetModule
protected

Definition at line 99 of file patch_list.h.

◆ hookTargetVA

ULONGLONG pesieve::PatchList::Patch::hookTargetVA
protected

Definition at line 95 of file patch_list.h.

◆ id

size_t pesieve::PatchList::Patch::id
protected

Definition at line 88 of file patch_list.h.

◆ isDirect

bool pesieve::PatchList::Patch::isDirect
protected

Definition at line 94 of file patch_list.h.

◆ isTargetSuspicious

bool pesieve::PatchList::Patch::isTargetSuspicious
protected

Definition at line 100 of file patch_list.h.

◆ moduleBase

HMODULE pesieve::PatchList::Patch::moduleBase
protected

Definition at line 91 of file patch_list.h.

◆ paddingVal

BYTE pesieve::PatchList::Patch::paddingVal
protected

Definition at line 96 of file patch_list.h.

◆ startRva

DWORD pesieve::PatchList::Patch::startRva
protected

Definition at line 89 of file patch_list.h.

◆ type

t_patch_type pesieve::PatchList::Patch::type
protected

Definition at line 93 of file patch_list.h.


The documentation for this class was generated from the following files: