PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
pesieve::RemoteModuleData Member List

This is the complete list of members for pesieve::RemoteModuleData, including all inherited members.

_loadFullImage(size_t v_size)pesieve::RemoteModuleDataprotected
calcImgSize()pesieve::RemoteModuleDataprotected
freeFullImage()pesieve::RemoteModuleDatainlineprotected
getHdrImageBase()pesieve::RemoteModuleDatainline
getHdrImageSize()pesieve::RemoteModuleDatainline
getHeaderSize()pesieve::RemoteModuleDatainline
getMappedName(HANDLE _processHandle, LPVOID _modBaseAddr)pesieve::RemoteModuleDatastatic
getModuleBase()pesieve::RemoteModuleDatainline
getModuleName(HANDLE _processHandle, HMODULE _modBaseAddr)pesieve::RemoteModuleDatastatic
getModuleSize()pesieve::RemoteModuleDatainline
getRemoteSectionVa(const size_t section_num)pesieve::RemoteModuleData
hasExecutableSection(bool allow_data, bool allow_inaccessible)pesieve::RemoteModuleData
headerBufferpesieve::RemoteModuleData
IATScanner classpesieve::RemoteModuleDatafriend
imgBufferpesieve::RemoteModuleDataprotected
imgBufferSizepesieve::RemoteModuleDataprotected
init()pesieve::RemoteModuleDataprotected
is64bit()pesieve::RemoteModuleDatainline
isFullImageLoaded()pesieve::RemoteModuleDatainline
isInitialized()pesieve::RemoteModuleDatainline
isReflectionpesieve::RemoteModuleDataprotected
isSectionEntry(const size_t section_number)pesieve::RemoteModuleData
isSectionExecutable(const size_t section_number, bool allow_data, bool allow_inaccessible)pesieve::RemoteModuleData
loadFullImage()pesieve::RemoteModuleData
loadHeader()pesieve::RemoteModuleDataprotected
loadImportsList(peconv::ImportsCollection &collection)pesieve::RemoteModuleData
modBaseAddrpesieve::RemoteModuleDataprotected
PeSection classpesieve::RemoteModuleDatafriend
processHandlepesieve::RemoteModuleDataprotected
RemoteModuleData(HANDLE _processHandle, bool _isRefl, HMODULE _modBaseAddr)pesieve::RemoteModuleDatainline
~RemoteModuleData()pesieve::RemoteModuleDatainlinevirtual
Generated by doxygen 1.13.2