PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Public Member Functions | |
TextMatcher () | |
virtual bool | _isMatching (IN const AreaMultiStats &stats) |
Public Member Functions inherited from pesieve::RuleMatcher | |
RuleMatcher (std::string _name) | |
bool | isMatching (IN const AreaMultiStats &stats) |
bool | isMatched () |
Additional Inherited Members | |
Public Types inherited from pesieve::RuleMatcher | |
enum | RuleType { RULE_NONE = 0 , RULE_CODE = 1 , RULE_TEXT = 2 , RULE_OBFUSCATED = 4 , RULE_ENCRYPTED = 8 } |
Public Attributes inherited from pesieve::RuleMatcher | |
std::string | name |
Protected Member Functions inherited from pesieve::RuleMatcher | |
Protected Attributes inherited from pesieve::RuleMatcher | |
bool | matched |
Definition at line 302 of file stats_analyzer.cpp.
|
inline |
Definition at line 305 of file stats_analyzer.cpp.
|
inlinevirtual |
Implements pesieve::RuleMatcher.
Definition at line 308 of file stats_analyzer.cpp.