PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Protected Attributes | Friends | List of all members
pesieve::PatchList::Patch Class Reference

#include <patch_list.h>

Public Member Functions

 Patch (HMODULE module_base, size_t patch_id, DWORD start_rva)
 
 Patch (const Patch &other)
 
void setEnd (DWORD end_rva)
 
void setHookTarget (ULONGLONG target_va, bool is_direct=true, t_hook_type hook_type=pesieve::HOOK_INLINE)
 
ULONGLONG getHookTargetVA ()
 
bool setHookTargetInfo (ULONGLONG targetModuleBase, bool isSuspiocious, std::string targetModuleName)
 
const bool toTAG (std::ofstream &patch_report, const char delimiter)
 
const bool toJSON (std::stringstream &outs, size_t level, bool short_info)
 

Protected Member Functions

bool resolveHookedExport (peconv::ExportsMapper &expMap)
 
std::string getFormattedName ()
 

Protected Attributes

size_t id
 
DWORD startRva
 
DWORD endRva
 
HMODULE moduleBase
 
t_hook_type type
 
bool isDirect
 
ULONGLONG hookTargetVA
 
std::string hooked_func
 
ULONGLONG hookTargetModule
 
bool isTargetSuspicious
 
std::string hookTargetModName
 

Friends

class PatchList
 
class PatchAnalyzer
 

Detailed Description

Definition at line 20 of file patch_list.h.

Constructor & Destructor Documentation

◆ Patch() [1/2]

pesieve::PatchList::Patch::Patch ( HMODULE module_base,
size_t patch_id,
DWORD start_rva )
inline

Definition at line 23 of file patch_list.h.

◆ Patch() [2/2]

pesieve::PatchList::Patch::Patch ( const Patch & other)
inline

Definition at line 31 of file patch_list.h.

Member Function Documentation

◆ getFormattedName()

std::string pesieve::PatchList::Patch::getFormattedName ( )
protected

Definition at line 8 of file patch_list.cpp.

Here is the call graph for this function:

◆ getHookTargetVA()

ULONGLONG pesieve::PatchList::Patch::getHookTargetVA ( )
inline

Definition at line 60 of file patch_list.h.

◆ resolveHookedExport()

bool pesieve::PatchList::Patch::resolveHookedExport ( peconv::ExportsMapper & expMap)
protected

Definition at line 115 of file patch_list.cpp.

Here is the call graph for this function:

◆ setEnd()

void pesieve::PatchList::Patch::setEnd ( DWORD end_rva)
inline

Definition at line 48 of file patch_list.h.

Here is the call graph for this function:

◆ setHookTarget()

void pesieve::PatchList::Patch::setHookTarget ( ULONGLONG target_va,
bool is_direct = true,
t_hook_type hook_type = pesieve::HOOK_INLINE )
inline

Definition at line 53 of file patch_list.h.

Here is the call graph for this function:

◆ setHookTargetInfo()

bool pesieve::PatchList::Patch::setHookTargetInfo ( ULONGLONG targetModuleBase,
bool isSuspiocious,
std::string targetModuleName )
inline

Definition at line 65 of file patch_list.h.

Here is the call graph for this function:

◆ toJSON()

const bool pesieve::PatchList::Patch::toJSON ( std::stringstream & outs,
size_t level,
bool short_info )

Definition at line 67 of file patch_list.cpp.

Here is the call graph for this function:

◆ toTAG()

const bool pesieve::PatchList::Patch::toTAG ( std::ofstream & patch_report,
const char delimiter )

Definition at line 51 of file patch_list.cpp.

Here is the call graph for this function:

Friends And Related Symbol Documentation

◆ PatchAnalyzer

friend class PatchAnalyzer
friend

Definition at line 99 of file patch_list.h.

◆ PatchList

friend class PatchList
friend

Definition at line 98 of file patch_list.h.

Member Data Documentation

◆ endRva

DWORD pesieve::PatchList::Patch::endRva
protected

Definition at line 86 of file patch_list.h.

◆ hooked_func

std::string pesieve::PatchList::Patch::hooked_func
protected

Definition at line 92 of file patch_list.h.

◆ hookTargetModName

std::string pesieve::PatchList::Patch::hookTargetModName
protected

Definition at line 96 of file patch_list.h.

◆ hookTargetModule

ULONGLONG pesieve::PatchList::Patch::hookTargetModule
protected

Definition at line 94 of file patch_list.h.

◆ hookTargetVA

ULONGLONG pesieve::PatchList::Patch::hookTargetVA
protected

Definition at line 91 of file patch_list.h.

◆ id

size_t pesieve::PatchList::Patch::id
protected

Definition at line 84 of file patch_list.h.

◆ isDirect

bool pesieve::PatchList::Patch::isDirect
protected

Definition at line 90 of file patch_list.h.

◆ isTargetSuspicious

bool pesieve::PatchList::Patch::isTargetSuspicious
protected

Definition at line 95 of file patch_list.h.

◆ moduleBase

HMODULE pesieve::PatchList::Patch::moduleBase
protected

Definition at line 87 of file patch_list.h.

◆ startRva

DWORD pesieve::PatchList::Patch::startRva
protected

Definition at line 85 of file patch_list.h.

◆ type

t_hook_type pesieve::PatchList::Patch::type
protected

Definition at line 89 of file patch_list.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.10.0