PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::ResultsDumper Member List

This is the complete list of members for pesieve::ResultsDumper, including all inherited members.

baseDir | pesieve::ResultsDumper | protected
dumpDetectedModules(HANDLE hProcess, bool isRefl, ProcessScanReport &process_report, const pesieve::t_dump_mode dump_mode, const pesieve::t_imprec_mode imprec_mode) | pesieve::ResultsDumper
dumpDir | pesieve::ResultsDumper | protected
dumpJsonReport(ProcessScanReport &process_report, const ProcessScanReport::t_report_filter &filter, const pesieve::t_json_level &jdetails) | pesieve::ResultsDumper
dumpJsonReport(ProcessDumpReport &process_report) | pesieve::ResultsDumper
dumpModule(IN HANDLE processHandle, IN bool isRefl, IN const ModulesInfo &modulesInfo, IN ModuleScanReport *modReport, IN const peconv::ExportsMapper *exportsMap, IN const pesieve::t_dump_mode dump_mode, IN const pesieve::t_imprec_mode imprec_mode, OUT ProcessDumpReport &dumpReport) | pesieve::ResultsDumper | protected
fillModuleCopy(IN ModuleScanReport *mod, IN OUT PeBuffer &module_buf) | pesieve::ResultsDumper | protected
getOutputDir() | pesieve::ResultsDumper | inline
makeAndJoinDirectories(std::stringstream &name_stream) | pesieve::ResultsDumper | protected
makeDirName(const DWORD process_id) | pesieve::ResultsDumper | protected
makeModuleDumpPath(ULONGLONG modBaseAddr, const std::string &fname, const std::string &defaultExtension) | pesieve::ResultsDumper | protected
makeOutPath(const std::string &fname, const std::string &defaultExtension="") | pesieve::ResultsDumper
quiet | pesieve::ResultsDumper | protected
ResultsDumper(std::string _baseDir, bool _quiet) | pesieve::ResultsDumper | inline