PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
pesieve::ProcessScanner Member List

This is the complete list of members for pesieve::ProcessScanner, including all inherited members.

argspesieve::ProcessScannerprotected
filterDotNetReport(ProcessScanReport &process_report)pesieve::ProcessScannerprotected
ignoredModulespesieve::ProcessScannerprotected
isDEPpesieve::ProcessScannerprotected
isReflectionpesieve::ProcessScannerprotected
processHandlepesieve::ProcessScannerprotected
ProcessScanner(HANDLE procHndl, bool is_reflection, pesieve::t_params _args)pesieve::ProcessScanner
resolveHooksTargets(ProcessScanReport &process_report)pesieve::ProcessScannerprotected
scanForHollows(HANDLE hProcess, ModuleData &modData, RemoteModuleData &remoteModData, ProcessScanReport &process_report)pesieve::ProcessScannerstatic
scanForHooks(HANDLE hProcess, ModuleData &modData, RemoteModuleData &remoteModData, ProcessScanReport &process_report, bool scan_data, bool scan_inaccessible)pesieve::ProcessScannerstatic
scanForIATHooks(HANDLE hProcess, ModuleData &modData, RemoteModuleData &remoteModData, ProcessScanReport &process_report, t_iat_scan_mode filter)pesieve::ProcessScannerstatic
scanForMappingMismatch(ModuleData &modData, ProcessScanReport &process_report)pesieve::ProcessScannerprotected
scanModules(ProcessScanReport &pReport)pesieve::ProcessScannerprotected
scanModulesIATs(ProcessScanReport &pReport)pesieve::ProcessScannerprotected
scanRemote()pesieve::ProcessScanner
scanThreads(ProcessScanReport &pReport)pesieve::ProcessScannerprotected
scanWorkingSet(ProcessScanReport &pReport)pesieve::ProcessScannerprotected
~ProcessScanner()pesieve::ProcessScannerinline
Generated by doxygen 1.10.0