PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
custom_buffer.h
Go to the documentation of this file.
1#pragma once
2#include <windows.h>
3
4namespace pesieve {
5 namespace util {
6
7 struct AutoBuffer
8 {
9 AutoBuffer() : buf(nullptr), max_size(0), buf_size(0) { }
10
11 ~AutoBuffer() {
12 if (buf) {
13 ::free(buf);
14 buf = nullptr;
15 }
16 max_size = 0;
17 buf_size = 0;
18 }
19
20 BYTE* alloc(size_t _buf_size)
21 {
22 if (_buf_size > max_size) {
23 BYTE* allocated = (BYTE*)::realloc((void*)buf, _buf_size);
24 if (!allocated) {
25 return nullptr;
26 }
27 buf = allocated;
28 max_size = _buf_size;
29 }
30 buf_size = _buf_size;
31 ::memset(buf, 0, max_size);
32 return buf;
33 }
34
35 BYTE* buf;
36 size_t max_size;
37 size_t buf_size;
38 };
39
40 }; //namespace util
41}; //namespace pesieve
pesieve::util::AutoBuffer::alloc
BYTE * alloc(size_t _buf_size)
Definition custom_buffer.h:20
Generated by doxygen 1.12.0