A report about the PE artefact detected in the workingset. More...

#include <artefact_scanner.h>

Public Member Functions
	PeArtefacts ()

bool	hasNtHdrs ()

bool	hasSectionHdrs ()

ULONGLONG	peImageBase ()

ULONGLONG	dropPeBase (const ULONGLONG offset_with_pe_base) const

virtual const bool	fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)

virtual const bool	toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)

Public Attributes
LONGLONG	regionStart

size_t	peBaseOffset

size_t	ntFileHdrsOffset

size_t	secHdrsOffset

size_t	secCount

size_t	calculatedImgSize

bool	isMzPeFound

bool	isDll

bool	is64bit

Static Public Attributes
static const size_t	JSON_LEVEL = 1

Detailed Description

A report about the PE artefact detected in the workingset.

Definition at line 22 of file artefact_scanner.h.

Constructor & Destructor Documentation

◆ PeArtefacts()

pesieve::PeArtefacts::PeArtefacts ( )

inline

Definition at line 26 of file artefact_scanner.h.

Member Function Documentation

◆ dropPeBase()

ULONGLONG pesieve::PeArtefacts::dropPeBase ( const ULONGLONG offset_with_pe_base ) const

inline

Definition at line 56 of file artefact_scanner.h.

◆ fieldsToJSON()

virtual const bool pesieve::PeArtefacts::fieldsToJSON	(	std::stringstream &	outs,
		size_t	level,
		const pesieve::t_json_level &	jdetails )

inlinevirtual

Definition at line 67 of file artefact_scanner.h.

Here is the call graph for this function:

◆ hasNtHdrs()

bool pesieve::PeArtefacts::hasNtHdrs ( )

inline

Definition at line 38 of file artefact_scanner.h.

◆ hasSectionHdrs()

bool pesieve::PeArtefacts::hasSectionHdrs ( )

inline

Definition at line 43 of file artefact_scanner.h.

◆ peImageBase()

ULONGLONG pesieve::PeArtefacts::peImageBase ( )

inline

Definition at line 48 of file artefact_scanner.h.

◆ toJSON()

virtual const bool pesieve::PeArtefacts::toJSON	(	std::stringstream &	outs,
		size_t	level,
		const pesieve::t_json_level &	jdetails )

inlinevirtual

Definition at line 96 of file artefact_scanner.h.

Here is the call graph for this function:

Member Data Documentation

◆ calculatedImgSize

size_t pesieve::PeArtefacts::calculatedImgSize

Definition at line 110 of file artefact_scanner.h.

◆ is64bit

bool pesieve::PeArtefacts::is64bit

Definition at line 113 of file artefact_scanner.h.

◆ isDll

bool pesieve::PeArtefacts::isDll

Definition at line 112 of file artefact_scanner.h.

◆ isMzPeFound

bool pesieve::PeArtefacts::isMzPeFound

Definition at line 111 of file artefact_scanner.h.

◆ JSON_LEVEL

const size_t pesieve::PeArtefacts::JSON_LEVEL = 1

static

Definition at line 24 of file artefact_scanner.h.

◆ ntFileHdrsOffset

size_t pesieve::PeArtefacts::ntFileHdrsOffset

Definition at line 107 of file artefact_scanner.h.

◆ peBaseOffset

size_t pesieve::PeArtefacts::peBaseOffset

Definition at line 106 of file artefact_scanner.h.

◆ regionStart

LONGLONG pesieve::PeArtefacts::regionStart

Definition at line 105 of file artefact_scanner.h.

◆ secCount

size_t pesieve::PeArtefacts::secCount

Definition at line 109 of file artefact_scanner.h.

◆ secHdrsOffset

size_t pesieve::PeArtefacts::secHdrsOffset

Definition at line 108 of file artefact_scanner.h.

The documentation for this class was generated from the following file:

scanners/artefact_scanner.h

Public Member Functions

Public Attributes

Static Public Attributes

Detailed Description

Constructor & Destructor Documentation

◆ PeArtefacts()

Member Function Documentation

◆ dropPeBase()

◆ fieldsToJSON()

◆ hasNtHdrs()

◆ hasSectionHdrs()

◆ peImageBase()

◆ toJSON()

Member Data Documentation

◆ calculatedImgSize

◆ is64bit

◆ isDll

◆ isMzPeFound

◆ JSON_LEVEL

◆ ntFileHdrsOffset

◆ peBaseOffset

◆ regionStart

◆ secCount

◆ secHdrsOffset