PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | Friends | List of all members
pesieve::ProcessDumpReport Class Reference

The report aggregating the results of the performed dumps. More...

#include <dump_report.h>

Public Member Functions

 ProcessDumpReport (DWORD _pid)
 
 ~ProcessDumpReport ()
 
void appendReport (ModuleDumpReport *report)
 
size_t countTotal () const
 
bool isFilled () const
 
size_t countDumped () const
 
bool hasModule (const ULONGLONG modBase, const size_t modSize) const
 
virtual bool toJSON (std::stringstream &stream, size_t level) const
 
DWORD getPid () const
 

Public Attributes

std::string outputDir
 
std::string minidumpPath
 

Protected Member Functions

std::string list_dumped_modules (size_t level) const
 
void deleteModuleReports ()
 

Protected Attributes

DWORD pid
 
std::vector< ModuleDumpReport * > moduleReports
 

Friends

class ResultsDumper
 

Detailed Description

The report aggregating the results of the performed dumps.

Definition at line 48 of file dump_report.h.

Constructor & Destructor Documentation

◆ ProcessDumpReport()

pesieve::ProcessDumpReport::ProcessDumpReport ( DWORD _pid)
inline

Definition at line 51 of file dump_report.h.

◆ ~ProcessDumpReport()

pesieve::ProcessDumpReport::~ProcessDumpReport ( )
inline

Definition at line 56 of file dump_report.h.

Here is the call graph for this function:

Member Function Documentation

◆ appendReport()

void pesieve::ProcessDumpReport::appendReport ( ModuleDumpReport * report)
inline

Definition at line 61 of file dump_report.h.

◆ countDumped()

size_t pesieve::ProcessDumpReport::countDumped ( ) const
inline

Definition at line 79 of file dump_report.h.

◆ countTotal()

size_t pesieve::ProcessDumpReport::countTotal ( ) const
inline

Definition at line 67 of file dump_report.h.

◆ deleteModuleReports()

void pesieve::ProcessDumpReport::deleteModuleReports ( )
inlineprotected

Definition at line 117 of file dump_report.h.

◆ getPid()

DWORD pesieve::ProcessDumpReport::getPid ( ) const
inline

Definition at line 108 of file dump_report.h.

◆ hasModule()

bool pesieve::ProcessDumpReport::hasModule ( const ULONGLONG modBase,
const size_t modSize ) const
inline

Definition at line 92 of file dump_report.h.

◆ isFilled()

bool pesieve::ProcessDumpReport::isFilled ( ) const
inline

Definition at line 72 of file dump_report.h.

Here is the call graph for this function:

◆ list_dumped_modules()

std::string pesieve::ProcessDumpReport::list_dumped_modules ( size_t level) const
protected

Definition at line 93 of file dump_report.cpp.

Here is the call graph for this function:

◆ toJSON()

bool pesieve::ProcessDumpReport::toJSON ( std::stringstream & stream,
size_t level ) const
virtual

Definition at line 63 of file dump_report.cpp.

Here is the call graph for this function:

Friends And Related Symbol Documentation

◆ ResultsDumper

friend class ResultsDumper
friend

Definition at line 130 of file dump_report.h.

Member Data Documentation

◆ minidumpPath

std::string pesieve::ProcessDumpReport::minidumpPath

Definition at line 111 of file dump_report.h.

◆ moduleReports

std::vector<ModuleDumpReport*> pesieve::ProcessDumpReport::moduleReports
protected

Definition at line 128 of file dump_report.h.

◆ outputDir

std::string pesieve::ProcessDumpReport::outputDir

Definition at line 110 of file dump_report.h.

◆ pid

DWORD pesieve::ProcessDumpReport::pid
protected

Definition at line 127 of file dump_report.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0