PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | Public Attributes | List of all members
pesieve::SuspAddrReport Class Reference

#include <thread_scanner.h>

Public Member Functions

 SuspAddrReport (ULONGLONG _module=0, size_t _moduleSize=0, DWORD _allocProtection=0)
void print ()
const bool toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) const
void addSuspAddr (ULONGLONG addr)
bool addressesToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) const
bool moduleInfoToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) const

Public Attributes

ULONG_PTR module
size_t moduleSize
std::set< ULONGLONG > suspAddresses
DWORD alloc_protection
DWORD curr_protection
AreaEntropyStats stats
bool is_code

Detailed Description

Definition at line 73 of file thread_scanner.h.

Constructor & Destructor Documentation

◆ SuspAddrReport()

pesieve::SuspAddrReport::SuspAddrReport ( ULONGLONG _module = 0,
size_t _moduleSize = 0,
DWORD _allocProtection = 0 )
inline

Definition at line 75 of file thread_scanner.h.

Member Function Documentation

◆ addressesToJSON()

bool pesieve::SuspAddrReport::addressesToJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails ) const
inline

Definition at line 111 of file thread_scanner.h.

◆ addSuspAddr()

void pesieve::SuspAddrReport::addSuspAddr ( ULONGLONG addr)
inline

Definition at line 106 of file thread_scanner.h.

◆ moduleInfoToJSON()

bool pesieve::SuspAddrReport::moduleInfoToJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails ) const
inline

Definition at line 140 of file thread_scanner.h.

◆ print()

void pesieve::SuspAddrReport::print ( )
inline

Definition at line 82 of file thread_scanner.h.

◆ toJSON()

const bool pesieve::SuspAddrReport::toJSON ( std::stringstream & outs,
size_t level,
const pesieve::t_json_level & jdetails ) const
inline

Definition at line 97 of file thread_scanner.h.

Here is the call graph for this function:

Member Data Documentation

◆ alloc_protection

DWORD pesieve::SuspAddrReport::alloc_protection

Definition at line 178 of file thread_scanner.h.

◆ curr_protection

DWORD pesieve::SuspAddrReport::curr_protection

Definition at line 179 of file thread_scanner.h.

◆ is_code

bool pesieve::SuspAddrReport::is_code

Definition at line 181 of file thread_scanner.h.

◆ module

ULONG_PTR pesieve::SuspAddrReport::module

Definition at line 175 of file thread_scanner.h.

◆ moduleSize

size_t pesieve::SuspAddrReport::moduleSize

Definition at line 176 of file thread_scanner.h.

◆ stats

AreaEntropyStats pesieve::SuspAddrReport::stats

Definition at line 180 of file thread_scanner.h.

◆ suspAddresses

std::set<ULONGLONG> pesieve::SuspAddrReport::suspAddresses

Definition at line 177 of file thread_scanner.h.

The documentation for this class was generated from the following file:
Generated by doxygen 1.17.0