 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
This is the complete list of members for pesieve::ProcessScanner, including all inherited members.
| args | pesieve::ProcessScanner | protected |
| filterDotNetReport(ProcessScanReport &process_report) | pesieve::ProcessScanner | protected |
| ignoredModules | pesieve::ProcessScanner | protected |
| isDEP | pesieve::ProcessScanner | protected |
| isReflection | pesieve::ProcessScanner | protected |
| processHandle | pesieve::ProcessScanner | protected |
| ProcessScanner(HANDLE procHndl, bool is_reflection, pesieve::t_params _args) | pesieve::ProcessScanner | |
| resolveHooksTargets(ProcessScanReport &process_report) | pesieve::ProcessScanner | protected |
| scanForHollows(HANDLE hProcess, ModuleData &modData, RemoteModuleData &remoteModData, ProcessScanReport &process_report) | pesieve::ProcessScanner | static |
| scanForHooks(HANDLE hProcess, ModuleData &modData, RemoteModuleData &remoteModData, ProcessScanReport &process_report, bool scan_data, bool scan_inaccessible) | pesieve::ProcessScanner | static |
| scanForIATHooks(HANDLE hProcess, ModuleData &modData, RemoteModuleData &remoteModData, ProcessScanReport &process_report, t_iat_scan_mode filter) | pesieve::ProcessScanner | static |
| scanForMappingMismatch(ModuleData &modData, ProcessScanReport &process_report) | pesieve::ProcessScanner | protected |
| scanModules(ProcessScanReport &pReport) | pesieve::ProcessScanner | protected |
| scanModulesIATs(ProcessScanReport &pReport) | pesieve::ProcessScanner | protected |
| scanRemote() | pesieve::ProcessScanner | |
| scanThreads(ProcessScanReport &pReport) | pesieve::ProcessScanner | protected |
| scanWorkingSet(ProcessScanReport &pReport) | pesieve::ProcessScanner | protected |
| symbols | pesieve::ProcessScanner | protected |
| ~ProcessScanner() | pesieve::ProcessScanner | inline |
1.12.0