#include <results_dumper.h>
|
| | ResultsDumper (std::string _baseDir, bool _quiet) |
| |
| ProcessDumpReport * | dumpDetectedModules (HANDLE hProcess, bool isRefl, ProcessScanReport &process_report, const pesieve::t_dump_mode dump_mode, const t_imprec_mode imprec_mode, const bool rebase) |
| |
| bool | dumpJsonReport (ProcessScanReport &process_report, const t_results_filter &filter, const pesieve::t_json_level &jdetails) |
| |
| bool | dumpJsonReport (ProcessDumpReport &process_report) |
| |
| bool | dumpJsonReport (ErrorReport &error_report, const t_results_filter &filter) |
| |
| std::string | getOutputDir () |
| |
| std::string | makeOutPath (const std::string &fname, const std::string &defaultExtension="") |
| |
|
| bool | dumpModule (IN HANDLE processHandle, IN bool isRefl, IN const ModulesInfo &modulesInfo, IN ModuleScanReport *modReport, IN const peconv::ExportsMapper *exportsMap, IN const pesieve::t_dump_mode dump_mode, IN const pesieve::t_imprec_mode imprec_mode, IN bool rebase, OUT ProcessDumpReport &dumpReport) |
| |
| std::string | makeModuleDumpPath (ULONGLONG modBaseAddr, const std::string &fname, const std::string &defaultExtension) |
| |
| std::string | makeDirName (const DWORD process_id) |
| |
| void | makeAndJoinDirectories (std::stringstream &name_stream) |
| |
| bool | fillModuleCopy (IN ModuleScanReport *mod, IN OUT PeBuffer &module_buf) |
| |
Definition at line 11 of file results_dumper.h.
◆ ResultsDumper()
| pesieve::ResultsDumper::ResultsDumper |
( |
std::string | _baseDir, |
|
|
bool | _quiet ) |
|
inline |
◆ dumpDetectedModules()
◆ dumpJsonReport() [1/3]
◆ dumpJsonReport() [2/3]
◆ dumpJsonReport() [3/3]
◆ dumpModule()
- Parameters
-
| processHandle | : handle of the target process (from which the artefacts will be dumped) |
| isRefl | : a flag indicating if this is a process reflection |
| modulesInfo | : list the scanned modules, with their statuses |
| modReport | : ModuleScanReport defining artefacts to be dumped |
| exportsMap | : mapping of all the exported APIs available within the process (for imports reconstruction) |
| imprec_mode | : mode in which imports reconstruction will be attempted |
| out_base | : the base to which the output module should be rebased, 0 if default |
| dumpReport | : ProcessDumpReport to which reports from the current dump will be appended |
Definition at line 262 of file results_dumper.cpp.
◆ fillModuleCopy()
◆ getOutputDir()
| std::string pesieve::ResultsDumper::getOutputDir |
( |
| ) |
|
|
inline |
◆ makeAndJoinDirectories()
| void pesieve::ResultsDumper::makeAndJoinDirectories |
( |
std::stringstream & | name_stream | ) |
|
|
protected |
◆ makeDirName()
| std::string pesieve::ResultsDumper::makeDirName |
( |
const DWORD | process_id | ) |
|
|
protected |
◆ makeModuleDumpPath()
| std::string pesieve::ResultsDumper::makeModuleDumpPath |
( |
ULONGLONG | modBaseAddr, |
|
|
const std::string & | fname, |
|
|
const std::string & | defaultExtension ) |
|
protected |
- Parameters
-
| modBaseAddr | : base address where this module was mapped |
| fname | : known name of this module |
| defaultExtension | : default extension - it will be used if no other extension was detected from the previous name |
Definition at line 455 of file results_dumper.cpp.
◆ makeOutPath()
| std::string pesieve::ResultsDumper::makeOutPath |
( |
const std::string & | fname, |
|
|
const std::string & | defaultExtension = "" ) |
◆ baseDir
| std::string pesieve::ResultsDumper::baseDir |
|
protected |
◆ dumpDir
| std::string pesieve::ResultsDumper::dumpDir |
|
protected |
◆ quiet
| bool pesieve::ResultsDumper::quiet |
|
protected |
The documentation for this class was generated from the following files:
1.12.0
