PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
pesieve::PatternMatcher Class Reference

#include <artefacts_util.h>

Public Member Functions

bool isReady ()
size_t loadPatternFile (const char *filename)
bool initShellcodePatterns ()
size_t findAllPatterns (BYTE *loadedData, size_t loadedSize, ::std::vector< sig_finder::Match > &allMatches)
size_t filterCustom (::std::vector< sig_finder::Match > &allMatches, ::std::vector< sig_finder::Match > &customPatternMatches)

Protected Member Functions

bool _isReady ()

Protected Attributes

sig_finder::Node mainMatcher
pesieve::util::Mutex mainMatcherMutex

Detailed Description

Definition at line 41 of file artefacts_util.h.

Member Function Documentation

◆ _isReady()

bool pesieve::PatternMatcher::_isReady ( )
inlineprotected

Definition at line 55 of file artefacts_util.h.

◆ filterCustom()

size_t pesieve::PatternMatcher::filterCustom ( ::std::vector< sig_finder::Match > & allMatches,
::std::vector< sig_finder::Match > & customPatternMatches )

Definition at line 195 of file artefacts_util.cpp.

◆ findAllPatterns()

size_t pesieve::PatternMatcher::findAllPatterns ( BYTE * loadedData,
size_t loadedSize,
::std::vector< sig_finder::Match > & allMatches )

Definition at line 182 of file artefacts_util.cpp.

Here is the call graph for this function:

◆ initShellcodePatterns()

bool pesieve::PatternMatcher::initShellcodePatterns ( )

Definition at line 170 of file artefacts_util.cpp.

Here is the call graph for this function:

◆ isReady()

bool pesieve::PatternMatcher::isReady ( )

Definition at line 145 of file artefacts_util.cpp.

Here is the call graph for this function:

◆ loadPatternFile()

size_t pesieve::PatternMatcher::loadPatternFile ( const char * filename)

Definition at line 151 of file artefacts_util.cpp.

Member Data Documentation

◆ mainMatcher

sig_finder::Node pesieve::PatternMatcher::mainMatcher
protected

Definition at line 56 of file artefacts_util.h.

◆ mainMatcherMutex

pesieve::util::Mutex pesieve::PatternMatcher::mainMatcherMutex
protected

Definition at line 57 of file artefacts_util.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.17.0