PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

pesieve::PeArtefacts Class Reference

A report about the PE artefact detected in the working set.
#include <artefact_scanner.h>
Public Member Functions

| Return type | Member |
|---|---|
| | `PeArtefacts ()` |
| `bool` | `hasNtHdrs ()` |
| `bool` | `hasSectionHdrs ()` |
| `ULONGLONG` | `peImageBase ()` |
| `ULONGLONG` | `dropPeBase (const ULONGLONG offset_with_pe_base) const` |
| `virtual const bool` | `fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)` |
| `virtual const bool` | `toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)` |

Public Attributes

| Type | Member |
|---|---|
| `LONGLONG` | `regionStart` |
| `size_t` | `peBaseOffset` |
| `size_t` | `ntFileHdrsOffset` |
| `size_t` | `secHdrsOffset` |
| `size_t` | `secCount` |
| `size_t` | `calculatedImgSize` |
| `bool` | `isMzPeFound` |
| `bool` | `isDll` |
| `bool` | `is64bit` |

Static Public Attributes

| Type | Member |
|---|---|
| `static const size_t` | `JSON_LEVEL = 1` |
Detailed Description

A report about the PE artefact detected in the working set.

Definition at line 22 of file artefact_scanner.h.

Constructor Documentation

| `pesieve::PeArtefacts::PeArtefacts ()` | inline |
|---|---|

Definition at line 26 of file artefact_scanner.h.

Member Function Documentation

| `ULONGLONG pesieve::PeArtefacts::dropPeBase (const ULONGLONG offset_with_pe_base) const` | inline |
|---|---|

Definition at line 56 of file artefact_scanner.h.

| `virtual const bool pesieve::PeArtefacts::fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)` | inline, virtual |
|---|---|

| `bool pesieve::PeArtefacts::hasNtHdrs ()` | inline |
|---|---|

Definition at line 38 of file artefact_scanner.h.

| `bool pesieve::PeArtefacts::hasSectionHdrs ()` | inline |
|---|---|

Definition at line 43 of file artefact_scanner.h.

| `ULONGLONG pesieve::PeArtefacts::peImageBase ()` | inline |
|---|---|

Definition at line 48 of file artefact_scanner.h.

| `virtual const bool pesieve::PeArtefacts::toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)` | inline, virtual |
|---|---|
Member Data Documentation

| `size_t pesieve::PeArtefacts::calculatedImgSize` |
|---|

Definition at line 110 of file artefact_scanner.h.

| `bool pesieve::PeArtefacts::is64bit` |
|---|

Definition at line 113 of file artefact_scanner.h.

| `bool pesieve::PeArtefacts::isDll` |
|---|

Definition at line 112 of file artefact_scanner.h.

| `bool pesieve::PeArtefacts::isMzPeFound` |
|---|

Definition at line 111 of file artefact_scanner.h.

| `const size_t pesieve::PeArtefacts::JSON_LEVEL = 1` | static |
|---|---|

Definition at line 24 of file artefact_scanner.h.

| `size_t pesieve::PeArtefacts::ntFileHdrsOffset` |
|---|

Definition at line 107 of file artefact_scanner.h.

| `size_t pesieve::PeArtefacts::peBaseOffset` |
|---|

Definition at line 106 of file artefact_scanner.h.

| `LONGLONG pesieve::PeArtefacts::regionStart` |
|---|

Definition at line 105 of file artefact_scanner.h.

| `size_t pesieve::PeArtefacts::secCount` |
|---|

Definition at line 109 of file artefact_scanner.h.

| `size_t pesieve::PeArtefacts::secHdrsOffset` |
|---|

Definition at line 108 of file artefact_scanner.h.

The documentation for this class was generated from the file artefact_scanner.h.