pesieve::WorkingSetScanReport Class Reference

A report from the working set scan, generated by WorkingSetScanner. More...

#include <workingset_scanner.h>

Inheritance diagram for pesieve::WorkingSetScanReport:

Public Member Functions
	WorkingSetScanReport (HMODULE _module, size_t _moduleSize, t_scan_status status)
virtual const bool	toJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
virtual const void	fieldsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
size_t	generateTags (const std::string &reportPath)
Public Member Functions inherited from pesieve::ModuleScanReport
	ModuleScanReport (HMODULE _module, size_t _moduleSize, t_scan_status _status=SCAN_NOT_SUSPICIOUS)
virtual	~ModuleScanReport ()
virtual ULONGLONG	getRelocBase ()
Public Member Functions inherited from pesieve::ElementScanReport
	ElementScanReport (t_scan_status _status=SCAN_NOT_SUSPICIOUS)

Public Attributes
bool	is_executable
bool	is_listed_module
bool	has_pe
bool	has_shellcode
util::ByteBuffer	data_cache
std::vector< sig_finder::Match >	custom_matched
size_t	all_matched_count
size_t	match_area_start
AreaMultiStats	stats
AreaInfo	area_info
DWORD	protection
DWORD	mapping_type
std::string	mapped_name
Public Attributes inherited from pesieve::ModuleScanReport
HMODULE	module
size_t	moduleSize
bool	isDotNetModule
std::string	moduleFile
ULONGLONG	origBase
ULONGLONG	relocBase
Public Attributes inherited from pesieve::ElementScanReport
t_scan_status	status

Protected Member Functions
const void	patternsToJSON (std::stringstream &outs, size_t level, const pesieve::t_json_level &jdetails)
Protected Member Functions inherited from pesieve::ModuleScanReport
virtual const bool	_toJSON (std::stringstream &outs, size_t level=JSON_LEVEL, const pesieve::t_json_level &jdetails=JSON_BASIC)

Static Protected Member Functions
static std::string	translate_mapping_type (DWORD type)

Additional Inherited Members
Static Public Member Functions inherited from pesieve::ElementScanReport
static t_scan_status	get_scan_status (const ElementScanReport *report)
Static Public Attributes inherited from pesieve::ElementScanReport
static const size_t	JSON_LEVEL = 1

Detailed Description

A report from the working set scan, generated by WorkingSetScanner.

Definition at line 28 of file workingset_scanner.h.

Constructor & Destructor Documentation

WorkingSetScanReport()

pesieve::WorkingSetScanReport::WorkingSetScanReport ( HMODULE _module, size_t _moduleSize, t_scan_status status )

inline

Definition at line 31 of file workingset_scanner.h.

Here is the call graph for this function:

Member Function Documentation

fieldsToJSON()

virtual const void pesieve::WorkingSetScanReport::fieldsToJSON ( std::stringstream & outs, size_t level, const pesieve::t_json_level & jdetails )

inlinevirtual

Reimplemented in pesieve::ArtefactScanReport.

Definition at line 53 of file workingset_scanner.h.

Here is the call graph for this function:

generateTags()

size_t WorkingSetScanReport::generateTags

(

const std::string &

reportPath

)

Definition at line 46 of file workingset_scanner.cpp.

Here is the call graph for this function:

patternsToJSON()

const void pesieve::WorkingSetScanReport::patternsToJSON ( std::stringstream & outs, size_t level, const pesieve::t_json_level & jdetails )

inlineprotected

---

Definition at line 125 of file workingset_scanner.h.

toJSON()

virtual const bool pesieve::WorkingSetScanReport::toJSON ( std::stringstream & outs, size_t level, const pesieve::t_json_level & jdetails )

inlinevirtual

Implements pesieve::ModuleScanReport.

Reimplemented in pesieve::ArtefactScanReport.

Definition at line 44 of file workingset_scanner.h.

Here is the call graph for this function:

translate_mapping_type()

static std::string pesieve::WorkingSetScanReport::translate_mapping_type ( DWORD type )

inlinestaticprotected

Definition at line 114 of file workingset_scanner.h.

Member Data Documentation

all_matched_count

size_t pesieve::WorkingSetScanReport::all_matched_count

Definition at line 103 of file workingset_scanner.h.

area_info

AreaInfo pesieve::WorkingSetScanReport::area_info

Definition at line 107 of file workingset_scanner.h.

custom_matched

std::vector<sig_finder::Match> pesieve::WorkingSetScanReport::custom_matched

Definition at line 102 of file workingset_scanner.h.

data_cache

util::ByteBuffer pesieve::WorkingSetScanReport::data_cache

Definition at line 101 of file workingset_scanner.h.

has_pe

bool pesieve::WorkingSetScanReport::has_pe

Definition at line 98 of file workingset_scanner.h.

has_shellcode

bool pesieve::WorkingSetScanReport::has_shellcode

Definition at line 99 of file workingset_scanner.h.

is_executable

bool pesieve::WorkingSetScanReport::is_executable

Definition at line 96 of file workingset_scanner.h.

is_listed_module

bool pesieve::WorkingSetScanReport::is_listed_module

Definition at line 97 of file workingset_scanner.h.

mapped_name

std::string pesieve::WorkingSetScanReport::mapped_name

Definition at line 111 of file workingset_scanner.h.

mapping_type

DWORD pesieve::WorkingSetScanReport::mapping_type

Definition at line 110 of file workingset_scanner.h.

match_area_start

size_t pesieve::WorkingSetScanReport::match_area_start

Definition at line 104 of file workingset_scanner.h.

protection

DWORD pesieve::WorkingSetScanReport::protection

Definition at line 109 of file workingset_scanner.h.

stats

AreaMultiStats pesieve::WorkingSetScanReport::stats

Definition at line 106 of file workingset_scanner.h.

---

The documentation for this class was generated from the following files:

• scanners/workingset_scanner.h
• scanners/workingset_scanner.cpp