PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Public Member Functions | List of all members
pesieve::ThunkFoundCallback Class Referenceabstract

A class containing callbacks for functions: find_iat, fill_iat. More...

#include <iat_finder.h>

Public Member Functions

 ThunkFoundCallback ()
 
virtual bool shouldProcessVA (ULONGLONG va)=0
 the callback that will be called for each candidate for the imported function VA
 
virtual bool shouldAcceptExport (ULONGLONG va, const peconv::ExportedFunc &exp)=0
 the callback that will be called validly resolved import
 

Detailed Description

A class containing callbacks for functions: find_iat, fill_iat.

Definition at line 15 of file iat_finder.h.

Constructor & Destructor Documentation

◆ ThunkFoundCallback()

pesieve::ThunkFoundCallback::ThunkFoundCallback ( )
inline

Definition at line 18 of file iat_finder.h.

Member Function Documentation

◆ shouldAcceptExport()

virtual bool pesieve::ThunkFoundCallback::shouldAcceptExport ( ULONGLONG va,
const peconv::ExportedFunc & exp )
pure virtual

the callback that will be called validly resolved import

◆ shouldProcessVA()

virtual bool pesieve::ThunkFoundCallback::shouldProcessVA ( ULONGLONG va)
pure virtual

the callback that will be called for each candidate for the imported function VA

The documentation for this class was generated from the following file:
Generated by doxygen 1.10.0