 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
A report from the thread scan, generated by ThreadScanner. More...
#include <thread_scanner.h>
Public Member Functions | |
| ThreadScanReport (DWORD _tid) | |
| virtual const void | fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) |
| virtual const bool | toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails) |
 Public Member Functions inherited from pesieve::ModuleScanReport | |
| ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS) | |
| virtual | ~ModuleScanReport () |
| virtual ULONGLONG | getRelocBase () |
Static Public Member Functions | |
| static std::string | translate_thread_state (DWORD thread_state) |
| static std::string | translate_wait_reason (DWORD thread_wait_reason) |
| Static Public Member Functions inherited from pesieve::ModuleScanReport | |
| static t_scan_status | get_scan_status (const ModuleScanReport *report) |
Public Attributes | |
| DWORD | tid |
| ULONGLONG | susp_addr |
| DWORD | protection |
| ULONGLONG | stack_ptr |
| DWORD | thread_state |
| DWORD | thread_wait_reason |
| DWORD | thread_wait_time |
| AreaEntropyStats | stats |
| Public Attributes inherited from pesieve::ModuleScanReport | |
| HMODULE | module |
| size_t | moduleSize |
| bool | isDotNetModule |
| std::string | moduleFile |
| ULONGLONG | origBase |
| ULONGLONG | relocBase |
| t_scan_status | status |
Static Public Attributes | |
| static const DWORD | THREAD_STATE_UNKNOWN = (-1) |
| static const DWORD | THREAD_STATE_WAITING = 5 |
| Static Public Attributes inherited from pesieve::ModuleScanReport | |
| static const size_t | JSON_LEVEL = 1 |
Additional Inherited Members | |
| Protected Member Functions inherited from pesieve::ModuleScanReport | |
| virtual const bool | _toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC) |
A report from the thread scan, generated by ThreadScanner.
Definition at line 15 of file thread_scanner.h.
|
inline |
Definition at line 26 of file thread_scanner.h.
|
inlinevirtual |
|
inlinevirtual |
Implements pesieve::ModuleScanReport.
Definition at line 77 of file thread_scanner.h.
|
static |
Definition at line 152 of file thread_scanner.cpp.
|
static |
Definition at line 136 of file thread_scanner.cpp.
| DWORD pesieve::ThreadScanReport::protection |
Definition at line 88 of file thread_scanner.h.
| ULONGLONG pesieve::ThreadScanReport::stack_ptr |
Definition at line 89 of file thread_scanner.h.
| AreaEntropyStats pesieve::ThreadScanReport::stats |
Definition at line 93 of file thread_scanner.h.
| ULONGLONG pesieve::ThreadScanReport::susp_addr |
Definition at line 87 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::thread_state |
Definition at line 90 of file thread_scanner.h.
|
static |
Definition at line 18 of file thread_scanner.h.
|
static |
Definition at line 19 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::thread_wait_reason |
Definition at line 91 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::thread_wait_time |
Definition at line 92 of file thread_scanner.h.
| DWORD pesieve::ThreadScanReport::tid |
Definition at line 86 of file thread_scanner.h.
1.12.0
