PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Public Attributes | Protected Member Functions | List of all members
pesieve::PeSection Class Reference

Buffers the defined PE section belonging to the module loaded in the scanned process into the local memory. More...

#include <pe_section.h>

Public Member Functions

 PeSection (RemoteModuleData &remoteModData, size_t section_number)
 
 PeSection (ModuleData &modData, size_t section_number)
 
 ~PeSection ()
 
bool isInitialized ()
 
bool isContained (ULONGLONG field_start, size_t field_size)
 

Public Attributes

size_t rawSize
 
size_t loadedSize
 
PBYTE loadedSection
 
DWORD rva
 

Protected Member Functions

bool loadRemote (RemoteModuleData &remoteModData, size_t section_number)
 
bool loadOriginal (ModuleData &modData, size_t section_number)
 
void unload ()
 

Detailed Description

Buffers the defined PE section belonging to the module loaded in the scanned process into the local memory.

Definition at line 11 of file pe_section.h.

Constructor & Destructor Documentation

◆ PeSection() [1/2]

pesieve::PeSection::PeSection ( RemoteModuleData & remoteModData,
size_t section_number )
inline

Definition at line 14 of file pe_section.h.

Here is the call graph for this function:

◆ PeSection() [2/2]

pesieve::PeSection::PeSection ( ModuleData & modData,
size_t section_number )
inline

Definition at line 20 of file pe_section.h.

Here is the call graph for this function:

◆ ~PeSection()

pesieve::PeSection::~PeSection ( )
inline

Definition at line 26 of file pe_section.h.

Here is the call graph for this function:

Member Function Documentation

◆ isContained()

bool pesieve::PeSection::isContained ( ULONGLONG field_start,
size_t field_size )
inline

Definition at line 36 of file pe_section.h.

◆ isInitialized()

bool pesieve::PeSection::isInitialized ( )
inline

Definition at line 31 of file pe_section.h.

◆ loadOriginal()

bool pesieve::PeSection::loadOriginal ( ModuleData & modData,
size_t section_number )
inlineprotected

Definition at line 78 of file pe_section.h.

Here is the call graph for this function:

◆ loadRemote()

bool pesieve::PeSection::loadRemote ( RemoteModuleData & remoteModData,
size_t section_number )
inlineprotected

Definition at line 53 of file pe_section.h.

Here is the call graph for this function:

◆ unload()

void pesieve::PeSection::unload ( )
inlineprotected

Definition at line 107 of file pe_section.h.

Member Data Documentation

◆ loadedSection

PBYTE pesieve::PeSection::loadedSection

Definition at line 48 of file pe_section.h.

◆ loadedSize

size_t pesieve::PeSection::loadedSize

Definition at line 47 of file pe_section.h.

◆ rawSize

size_t pesieve::PeSection::rawSize

Definition at line 46 of file pe_section.h.

◆ rva

DWORD pesieve::PeSection::rva

Definition at line 49 of file pe_section.h.

The documentation for this class was generated from the following file:
Generated by doxygen 1.12.0