PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::PeBuffer Member List

This is the complete list of members for pesieve::PeBuffer, including all inherited members.

_readRemote(ULONGLONG module_base, size_t pe_vsize) | pesieve::PeBuffer | protected
allocBuffer(const size_t pe_vsize) | pesieve::PeBuffer | inline, protected
calcRemoteImgSize(ULONGLONG module_base) const | pesieve::PeBuffer | protected
dumpPeToFile(IN std::string dumpFileName, IN OUT peconv::t_pe_dump_mode &dumpMode, IN OPTIONAL const peconv::ExportsMapper *exportsMap=NULL, OUT OPTIONAL peconv::ImpsNotCovered *notCovered=NULL) | pesieve::PeBuffer
dumpToFile(IN std::string dumpFileName) | pesieve::PeBuffer
fillFromBuffer(ULONGLONG module_base, util::ByteBuffer &data_cache) | pesieve::PeBuffer
freeBuffer() | pesieve::PeBuffer | inline, protected
getBufferSize() const | pesieve::PeBuffer | inline
getModuleBase() const | pesieve::PeBuffer | inline
getRelocBase() const | pesieve::PeBuffer | inline
ImpReconstructor class | pesieve::PeBuffer | friend
isCode() | pesieve::PeBuffer
isFilled() | pesieve::PeBuffer | inline
isRefl | pesieve::PeBuffer | protected
isValidPe() | pesieve::PeBuffer | inline
moduleBase | pesieve::PeBuffer | protected
PeBuffer(HANDLE _process_hndl, bool _is_refl) | pesieve::PeBuffer | inline
PeReconstructor class | pesieve::PeBuffer | friend
processHndl | pesieve::PeBuffer | protected
readRemote(ULONGLONG module_base, size_t pe_vsize) | pesieve::PeBuffer
relocBase | pesieve::PeBuffer | protected
resizeBuffer(size_t new_size) | pesieve::PeBuffer
resizeLastSection(size_t new_img_size) | pesieve::PeBuffer
setRelocBase(ULONGLONG reloc_base) | pesieve::PeBuffer | inline
vBuf | pesieve::PeBuffer | protected
vBufSize | pesieve::PeBuffer | protected
~PeBuffer() | pesieve::PeBuffer | inline