 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
A report from the thread scan, generated by ThreadScanner. More...
#include <thread_scanner.h>
Public Member Functions | |
| ThreadScanReport (DWORD _tid) | |
| virtual const void | fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) |
| virtual const bool | toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) |
 Public Member Functions inherited from pesieve::ModuleScanReport | |
| ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status) | |
| ModuleScanReport (HMODULE _module, size_t _moduleSize) | |
| virtual | ~ModuleScanReport () |
| virtual ULONGLONG | getRelocBase () |
Public Attributes | |
| ULONGLONG | thread_ip |
| DWORD | tid |
| DWORD | protection |
| DWORD | thread_state |
| DWORD | thread_wait_reason |
| AreaEntropyStats | stats |
| Public Attributes inherited from pesieve::ModuleScanReport | |
| HMODULE size_t | moduleSize |
| bool | isDotNetModule |
| std::string | moduleFile |
| t_scan_status | status |
Static Public Attributes | |
| static const DWORD | THREAD_STATE_UNKNOWN = (-1) |
| static const DWORD | THREAD_STATE_WAITING = 5 |
| Static Public Attributes inherited from pesieve::ModuleScanReport | |
| static const size_t | JSON_LEVEL = 1 |
Static Protected Member Functions | |
| static std::string | translate_thread_state (DWORD thread_state) |
| static std::string | translate_wait_reason (DWORD thread_wait_reason) |
Additional Inherited Members | |
| Static Public Member Functions inherited from pesieve::ModuleScanReport | |
| static t_scan_status | get_scan_status (const ModuleScanReport *report) |
| Protected Member Functions inherited from pesieve::ModuleScanReport | |
| virtual const bool | _toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC) |
A report from the thread scan, generated by ThreadScanner.
Definition at line 13 of file thread_scanner.h.
|
inline |
Definition at line 19 of file thread_scanner.h.
|
inlinevirtual |
Implements pesieve::ModuleScanReport.
Definition at line 56 of file thread_scanner.h.
|
staticprotected |
|
staticprotected |
| DWORD pesieve::ThreadScanReport::protection |
Definition at line 67 of file thread_scanner.h.
| AreaEntropyStats pesieve::ThreadScanReport::stats |
Definition at line 70 of file thread_scanner.h.
| ULONGLONG pesieve::ThreadScanReport::thread_ip |
Definition at line 65 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::thread_state |
Definition at line 68 of file thread_scanner.h.
|
static |
Definition at line 16 of file thread_scanner.h.
|
static |
Definition at line 17 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::thread_wait_reason |
Definition at line 69 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::tid |
Definition at line 66 of file thread_scanner.h.
1.10.0
