PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
Static Public Attributes | List of all members
pesieve.t_data_scan_mode Class Reference
Inheritance diagram for pesieve.t_data_scan_mode:
Inheritance graph
[legend]

Static Public Attributes

int PE_DATA_NO_SCAN = 0
int PE_DATA_SCAN_DOTNET = 1
int PE_DATA_SCAN_NO_DEP = 2
int PE_DATA_SCAN_ALWAYS = 3
int PE_DATA_SCAN_INACCESSIBLE = 4
int PE_DATA_SCAN_INACCESSIBLE_ONLY = 5
int PE_DATA_COUNT = 6

Detailed Description

Definition at line 74 of file pesieve.py.

Member Data Documentation

◆ PE_DATA_COUNT

int pesieve.t_data_scan_mode.PE_DATA_COUNT = 6
static

Definition at line 81 of file pesieve.py.

◆ PE_DATA_NO_SCAN

int pesieve.t_data_scan_mode.PE_DATA_NO_SCAN = 0
static

Definition at line 75 of file pesieve.py.

◆ PE_DATA_SCAN_ALWAYS

int pesieve.t_data_scan_mode.PE_DATA_SCAN_ALWAYS = 3
static

Definition at line 78 of file pesieve.py.

◆ PE_DATA_SCAN_DOTNET

int pesieve.t_data_scan_mode.PE_DATA_SCAN_DOTNET = 1
static

Definition at line 76 of file pesieve.py.

◆ PE_DATA_SCAN_INACCESSIBLE

int pesieve.t_data_scan_mode.PE_DATA_SCAN_INACCESSIBLE = 4
static

Definition at line 79 of file pesieve.py.

◆ PE_DATA_SCAN_INACCESSIBLE_ONLY

int pesieve.t_data_scan_mode.PE_DATA_SCAN_INACCESSIBLE_ONLY = 5
static

Definition at line 80 of file pesieve.py.

◆ PE_DATA_SCAN_NO_DEP

int pesieve.t_data_scan_mode.PE_DATA_SCAN_NO_DEP = 2
static

Definition at line 77 of file pesieve.py.

The documentation for this class was generated from the following file:
Generated by doxygen 1.17.0