pesieve::WorkingSetScanner Class Reference

A scanner for detection of code implants in the process workingset. More...

#include <workingset_scanner.h>

Inheritance diagram for pesieve::WorkingSetScanner:

Public Member Functions
	WorkingSetScanner (HANDLE _procHndl, process_details _proc_details, const util::mem_region_info _mem_region, pesieve::t_params _args, ProcessScanReport &_process_report)
virtual	~WorkingSetScanner ()
virtual WorkingSetScanReport *	scanRemote ()
Public Member Functions inherited from pesieve::ProcessFeatureScanner
	ProcessFeatureScanner (HANDLE _processHandle)
virtual	~ProcessFeatureScanner ()

Protected Member Functions
bool	scanImg (MemPageData &memPage)
bool	isScannedAsModule (MemPageData &memPageData)
bool	isExecutable (MemPageData &memPageData)
bool	isPotentiallyExecutable (MemPageData &memPageData, const t_data_scan_mode &mode)
bool	checkAreaContent (IN MemPageData &_memPage, OUT WorkingSetScanReport *my_report)
WorkingSetScanReport *	scanExecutableArea (MemPageData &memPageData)

Protected Attributes
const process_details	pDetails
const util::mem_region_info	memRegion
ProcessScanReport &	processReport
pesieve::t_params	args
Protected Attributes inherited from pesieve::ProcessFeatureScanner
HANDLE	processHandle

Detailed Description

A scanner for detection of code implants in the process workingset.

Definition at line 147 of file workingset_scanner.h.

Constructor & Destructor Documentation

WorkingSetScanner()

pesieve::WorkingSetScanner::WorkingSetScanner ( HANDLE _procHndl, process_details _proc_details, const util::mem_region_info _mem_region, pesieve::t_params _args, ProcessScanReport & _process_report )

inline

Definition at line 149 of file workingset_scanner.h.

~WorkingSetScanner()

virtual pesieve::WorkingSetScanner::~WorkingSetScanner ( )

inlinevirtual

Definition at line 157 of file workingset_scanner.h.

Member Function Documentation

checkAreaContent()

bool pesieve::WorkingSetScanner::checkAreaContent ( IN MemPageData & _memPage, OUT WorkingSetScanReport * my_report )

protected

Definition at line 69 of file workingset_scanner.cpp.

Here is the call graph for this function:

isExecutable()

bool pesieve::WorkingSetScanner::isExecutable ( MemPageData & memPageData )

protected

Definition at line 161 of file workingset_scanner.cpp.

Here is the call graph for this function:

isPotentiallyExecutable()

bool pesieve::WorkingSetScanner::isPotentiallyExecutable ( MemPageData & memPageData, const t_data_scan_mode & mode )

protected

Definition at line 169 of file workingset_scanner.cpp.

Here is the call graph for this function:

isScannedAsModule()

bool pesieve::WorkingSetScanner::isScannedAsModule ( MemPageData & memPageData )

protected

Definition at line 243 of file workingset_scanner.cpp.

scanExecutableArea()

WorkingSetScanReport * pesieve::WorkingSetScanner::scanExecutableArea ( MemPageData & memPageData )

protected

Definition at line 202 of file workingset_scanner.cpp.

Here is the call graph for this function:

scanImg()

bool pesieve::WorkingSetScanner::scanImg ( MemPageData & memPage )

protected

Definition at line 254 of file workingset_scanner.cpp.

Here is the call graph for this function:

scanRemote()

WorkingSetScanReport * pesieve::WorkingSetScanner::scanRemote ( )

virtual

Perform the scan on the remote process

Returns

a pointer to an object of the class inherited from ModuleScanReport

Implements pesieve::ProcessFeatureScanner.

Definition at line 307 of file workingset_scanner.cpp.

Here is the call graph for this function:

Member Data Documentation

args

pesieve::t_params pesieve::WorkingSetScanner::args

protected

Definition at line 174 of file workingset_scanner.h.

memRegion

const util::mem_region_info pesieve::WorkingSetScanner::memRegion

protected

Definition at line 171 of file workingset_scanner.h.

pDetails

const process_details pesieve::WorkingSetScanner::pDetails

protected

Definition at line 170 of file workingset_scanner.h.

processReport

ProcessScanReport& pesieve::WorkingSetScanner::processReport

protected

Definition at line 173 of file workingset_scanner.h.

---

The documentation for this class was generated from the following files:

• scanners/workingset_scanner.h
• scanners/workingset_scanner.cpp