PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
pesieve.t_params Class Reference
Inheritance diagram for pesieve.t_params:

Static Protected Attributes

list _fields_
 

Detailed Description

Definition at line 100 of file pesieve.py.

Member Data Documentation

◆ _fields_

list pesieve.t_params._fields_
staticprotected
Initial value:
= [
('pid', ctypes.c_ulong),
('dotnet_policy', t_dotnet_policy),
('imprec_mode', t_imprec_mode),
('quiet', ctypes.c_bool),
('out_filter', t_output_filter),
('no_hooks', ctypes.c_bool),
('shellcode', t_shellc_mode),
('obfuscated', t_obfusc_mode),
('threads', ctypes.c_bool),
('iat', t_iat_scan_mode),
('data', t_data_scan_mode),
('minidump', ctypes.c_bool),
('dump_mode', t_dump_mode),
('json_output', ctypes.c_bool),
('make_reflection', ctypes.c_bool),
('use_cache', ctypes.c_bool),
('json_lvl', t_json_level),
('output_dir', ctypes.c_char * (MAX_PATH + 1)),
('modules_ignored', PARAM_STRING)
]

Definition at line 101 of file pesieve.py.


The documentation for this class was generated from the following file: