pesieve::ProcessScanReport Class Reference

The report aggregating the results of the performed scan. More...

#include <scan_report.h>

Public Types
enum	t_report_type {   REPORT_MAPPING_SCAN , REPORT_HEADERS_SCAN , REPORT_CODE_SCAN , REPORT_MEMPAGE_SCAN ,   REPORT_ARTEFACT_SCAN , REPORT_UNREACHABLE_SCAN , REPORT_SKIPPED_SCAN , REPORT_IAT_SCAN ,   REPORT_THREADS_SCAN , REPORT_TYPES_COUNT }

Public Member Functions
	ProcessScanReport (DWORD _pid, bool _is64bit, bool _isReflection, t_params *_usedParams)
	~ProcessScanReport ()
void	appendReport (ModuleScanReport *report)
size_t	getScannedSize (ULONGLONG address) const
bool	hasModule (ULONGLONG page_addr)
bool	hasModuleContaining (ULONGLONG page_addr, size_t size)
bool	isModuleReplaced (HMODULE module_base)
ScannedModule *	getModuleContaining (ULONGLONG field_addr, size_t field_size=0) const
virtual const bool	toJSON (std::stringstream &stream, size_t level, const t_results_filter &filter, const pesieve::t_json_level &jdetails) const
pesieve::t_report	generateSummary () const
DWORD	getPid ()
bool	isManagedProcess ()

Static Public Member Functions
static t_report_type	getReportType (ModuleScanReport *report)

Public Attributes
std::string	mainImagePath
std::vector< ModuleScanReport * >	moduleReports
peconv::ExportsMapper *	exportsMap

Protected Member Functions
std::string	listModules (size_t level, const t_results_filter &filter, const t_json_level &jdetails) const
void	deleteModuleReports ()
void	appendToType (ModuleScanReport *report)
size_t	countResultsPerType (const t_report_type type, const t_scan_status result) const
size_t	countSuspiciousPerType (const t_report_type type) const
size_t	countHdrsReplaced () const
bool	hasAnyShownType (const t_results_filter &filter)

Protected Attributes
DWORD	pid
bool	is64bit
bool	isManaged
bool	isReflection
t_params *	usedParams
size_t	errorsCount
ModulesInfo	modulesInfo
std::set< ModuleScanReport * >	reportsByType [REPORT_TYPES_COUNT]

Friends
class	ProcessScanner
class	ResultsDumper

Detailed Description

The report aggregating the results of the performed scan.

Definition at line 18 of file scan_report.h.

Member Enumeration Documentation

t_report_type

enum pesieve::ProcessScanReport::t_report_type

Enumerator
REPORT_MAPPING_SCAN
REPORT_HEADERS_SCAN
REPORT_CODE_SCAN
REPORT_MEMPAGE_SCAN
REPORT_ARTEFACT_SCAN
REPORT_UNREACHABLE_SCAN
REPORT_SKIPPED_SCAN
REPORT_IAT_SCAN
REPORT_THREADS_SCAN
REPORT_TYPES_COUNT

Definition at line 21 of file scan_report.h.

Constructor & Destructor Documentation

ProcessScanReport()

pesieve::ProcessScanReport::ProcessScanReport ( DWORD _pid, bool _is64bit, bool _isReflection, t_params * _usedParams )

inline

Definition at line 36 of file scan_report.h.

~ProcessScanReport()

pesieve::ProcessScanReport::~ProcessScanReport ( )

inline

Definition at line 42 of file scan_report.h.

Here is the call graph for this function:

Member Function Documentation

appendReport()

void pesieve::ProcessScanReport::appendReport ( ModuleScanReport * report )

inline

Definition at line 48 of file scan_report.h.

Here is the call graph for this function:

appendToType()

void pesieve::ProcessScanReport::appendToType ( ModuleScanReport * report )

protected

Definition at line 104 of file scan_report.cpp.

Here is the call graph for this function:

countHdrsReplaced()

size_t pesieve::ProcessScanReport::countHdrsReplaced ( ) const

protected

Definition at line 132 of file scan_report.cpp.

Here is the call graph for this function:

countResultsPerType()

size_t pesieve::ProcessScanReport::countResultsPerType ( const t_report_type type, const t_scan_status result ) const

protected

Definition at line 88 of file scan_report.cpp.

Here is the call graph for this function:

countSuspiciousPerType()

size_t pesieve::ProcessScanReport::countSuspiciousPerType ( const t_report_type type ) const

inlineprotected

Definition at line 116 of file scan_report.h.

Here is the call graph for this function:

deleteModuleReports()

void pesieve::ProcessScanReport::deleteModuleReports ( )

inlineprotected

Definition at line 103 of file scan_report.h.

generateSummary()

pesieve::t_report pesieve::ProcessScanReport::generateSummary

(

)

const

Definition at line 152 of file scan_report.cpp.

Here is the call graph for this function:

getModuleContaining()

ScannedModule * pesieve::ProcessScanReport::getModuleContaining ( ULONGLONG field_addr, size_t field_size = 0 ) const

inline

Definition at line 85 of file scan_report.h.

Here is the call graph for this function:

getPid()

DWORD pesieve::ProcessScanReport::getPid ( )

inline

Definition at line 93 of file scan_report.h.

getReportType()

pesieve::ProcessScanReport::t_report_type pesieve::ProcessScanReport::getReportType ( ModuleScanReport * report )

static

Definition at line 53 of file scan_report.cpp.

getScannedSize()

size_t pesieve::ProcessScanReport::getScannedSize ( ULONGLONG address ) const

inline

Definition at line 62 of file scan_report.h.

Here is the call graph for this function:

hasAnyShownType()

bool pesieve::ProcessScanReport::hasAnyShownType ( const t_results_filter & filter )

protected

Definition at line 38 of file scan_report.cpp.

Here is the call graph for this function:

hasModule()

bool pesieve::ProcessScanReport::hasModule ( ULONGLONG page_addr )

inline

Definition at line 67 of file scan_report.h.

Here is the call graph for this function:

hasModuleContaining()

bool pesieve::ProcessScanReport::hasModuleContaining ( ULONGLONG page_addr, size_t size )

inline

Definition at line 75 of file scan_report.h.

Here is the call graph for this function:

isManagedProcess()

bool pesieve::ProcessScanReport::isManagedProcess ( )

inline

Definition at line 94 of file scan_report.h.

isModuleReplaced()

bool pesieve::ProcessScanReport::isModuleReplaced

(

HMODULE

module_base

)

Definition at line 115 of file scan_report.cpp.

listModules()

std::string pesieve::ProcessScanReport::listModules ( size_t level, const t_results_filter & filter, const t_json_level & jdetails ) const

protected

Definition at line 185 of file scan_report.cpp.

Here is the call graph for this function:

toJSON()

const bool pesieve::ProcessScanReport::toJSON ( std::stringstream & stream, size_t level, const t_results_filter & filter, const pesieve::t_json_level & jdetails ) const

virtual

Definition at line 212 of file scan_report.cpp.

Here is the call graph for this function:

Friends And Related Symbol Documentation

ProcessScanner

friend class ProcessScanner

friend

Definition at line 134 of file scan_report.h.

ResultsDumper

friend class ResultsDumper

friend

Definition at line 135 of file scan_report.h.

Member Data Documentation

errorsCount

size_t pesieve::ProcessScanReport::errorsCount

protected

Definition at line 129 of file scan_report.h.

exportsMap

peconv::ExportsMapper* pesieve::ProcessScanReport::exportsMap

Definition at line 98 of file scan_report.h.

is64bit

bool pesieve::ProcessScanReport::is64bit

protected

Definition at line 125 of file scan_report.h.

isManaged

bool pesieve::ProcessScanReport::isManaged

protected

Definition at line 126 of file scan_report.h.

isReflection

bool pesieve::ProcessScanReport::isReflection

protected

Definition at line 127 of file scan_report.h.

mainImagePath

std::string pesieve::ProcessScanReport::mainImagePath

Definition at line 96 of file scan_report.h.

moduleReports

std::vector<ModuleScanReport*> pesieve::ProcessScanReport::moduleReports

Definition at line 97 of file scan_report.h.

modulesInfo

ModulesInfo pesieve::ProcessScanReport::modulesInfo

protected

Definition at line 131 of file scan_report.h.

pid

DWORD pesieve::ProcessScanReport::pid

protected

Definition at line 124 of file scan_report.h.

reportsByType

std::set<ModuleScanReport*> pesieve::ProcessScanReport::reportsByType[REPORT_TYPES_COUNT]

protected

Definition at line 132 of file scan_report.h.

usedParams

t_params* pesieve::ProcessScanReport::usedParams

protected

Definition at line 128 of file scan_report.h.

---

The documentation for this class was generated from the following files:

• scanners/scan_report.h
• scanners/scan_report.cpp