PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::ThreadScanner Member List

This is the complete list of members for pesieve::ThreadScanner, including all inherited members.

analyzeCallStack(IN const std::vector< ULONGLONG > &stack_frame, IN OUT ctx_details &cDetails) — pesieve::ThreadScanner — protected
checkReturnAddrIntegrity(IN const std::vector< ULONGLONG > &callStack) — pesieve::ThreadScanner — protected
exportsMap — pesieve::ThreadScanner — protected
fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &c) — pesieve::ThreadScanner — protected
fillAreaStats(ThreadScanReport *my_report) — pesieve::ThreadScanner — protected
fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &cDetails) — pesieve::ThreadScanner — protected
info — pesieve::ThreadScanner — protected
isAddrInShellcode(ULONGLONG addr) — pesieve::ThreadScanner — protected
isReflection — pesieve::ThreadScanner — protected
modulesInfo — pesieve::ThreadScanner — protected
printResolvedAddr(ULONGLONG addr) — pesieve::ThreadScanner — protected
printThreadInfo(const util::thread_info &threadi) — pesieve::ThreadScanner — protected
ProcessFeatureScanner(HANDLE _processHandle) — pesieve::ProcessFeatureScanner — inline
processHandle — pesieve::ProcessFeatureScanner — protected
reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr) — pesieve::ThreadScanner — protected
scanRemote() — pesieve::ThreadScanner — virtual
scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report) — pesieve::ThreadScanner — protected
symbols — pesieve::ThreadScanner — protected
ThreadScanner(HANDLE hProc, bool _isReflection, const util::thread_info &_info, ModulesInfo &_modulesInfo, peconv::ExportsMapper *_exportsMap, ProcessSymbolsManager *_symbols) — pesieve::ThreadScanner — inline
~ProcessFeatureScanner() — pesieve::ProcessFeatureScanner — inline, virtual