PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
The report aggregating the results of the performed dumps.
#include <dump_report.h>
Public Member Functions
ProcessDumpReport (DWORD _pid)
~ProcessDumpReport ()
void appendReport (ModuleDumpReport *report)
size_t countTotal () const
bool isFilled () const
size_t countDumped () const
virtual bool toJSON (std::stringstream &stream, size_t level) const
DWORD getPid () const

Public Attributes
std::string outputDir
std::string minidumpPath

Protected Member Functions
std::string list_dumped_modules (size_t level) const
void deleteModuleReports ()

Protected Attributes
DWORD pid
std::vector< ModuleDumpReport * > moduleReports

Friends
class ResultsDumper

The report aggregating the results of the performed dumps.
Definition at line 47 of file dump_report.h.

inline
Definition at line 50 of file dump_report.h.

inline

inline
Definition at line 60 of file dump_report.h.

inline
Definition at line 78 of file dump_report.h.

inline
Definition at line 66 of file dump_report.h.

inline protected
Definition at line 102 of file dump_report.h.

inline
Definition at line 93 of file dump_report.h.

inline

protected

friend
Definition at line 115 of file dump_report.h.

std::string pesieve::ProcessDumpReport::minidumpPath
Definition at line 96 of file dump_report.h.

protected
Definition at line 113 of file dump_report.h.

std::string pesieve::ProcessDumpReport::outputDir
Definition at line 95 of file dump_report.h.

protected
Definition at line 112 of file dump_report.h.