PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Represents basic information about the scanned module, such as its base offset, size, and status.
#include <scanned_modules.h>
Public Member Functions
ULONGLONG getStart () const
ULONGLONG getEnd () const
size_t getSize ()
bool isSuspicious () const
std::string getModName () const
Protected Member Functions
ScannedModule (ULONGLONG _start, size_t _moduleSize)
~ScannedModule ()
bool operator< (ScannedModule other) const
void setSuspicious (bool _is_suspicious)
bool resize (size_t newSize)
Protected Attributes
const ULONGLONG start
Friends
class ModulesInfo
Represents basic information about the scanned module, such as its base offset, size, and status.
Definition at line 14 of file scanned_modules.h.
Definition at line 44 of file scanned_modules.h.
inline, protected
Definition at line 50 of file scanned_modules.h.
inline
Definition at line 23 of file scanned_modules.h.
inline
Definition at line 38 of file scanned_modules.h.
inline
Definition at line 28 of file scanned_modules.h.
inline
Definition at line 18 of file scanned_modules.h.
inline
Definition at line 33 of file scanned_modules.h.
inline, protected
Definition at line 54 of file scanned_modules.h.
friend
Definition at line 80 of file scanned_modules.h.
Definition at line 73 of file scanned_modules.h.